Bug 886 - Inconsistent logging of failed logins
Summary: Inconsistent logging of failed logins
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sysklogd
Version: 5.2
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-01-20 03:13 UTC by rnapier
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-01-22 21:58:47 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description rnapier 1999-01-20 03:13:33 UTC 
Due to /etc/syslog.conf, incorrect password logins are
logged in /var/log/secure. However, incorrect user logins
are logged in /var/log/messages.
Comment 1 David Lawrence 1999-01-22 21:58:59 UTC 
This is set like this for obvious security reasons. It can be
reconfigured using the syslog.con file if the system administrator
should need it to behave differently.

------- Additional Comments From   01/22/99 17:18 -------
I agree that logging to /var/log/messages is insecure. I'm requesting
that *both* types of messages be logged to /var/log/secure. That way
there's a single place to look for account guessing activity.
Note You need to log in before you can comment on or make changes to this bug.