886 – Inconsistent logging of failed logins

Bug 886 - Inconsistent logging of failed logins

Summary: Inconsistent logging of failed logins

Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	sysklogd
Sub Component:
Version:	5.2
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	David Lawrence
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-01-20 03:13 UTC by rnapier
Modified:	2008-05-01 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	1999-01-22 21:58:47 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description rnapier 1999-01-20 03:13:33 UTC

Due to /etc/syslog.conf, incorrect password logins are
logged in /var/log/secure. However, incorrect user logins
are logged in /var/log/messages.

Comment 1 David Lawrence 1999-01-22 21:58:59 UTC

This is set like this for obvious security reasons. It can be
reconfigured using the syslog.con file if the system administrator
should need it to behave differently.

------- Additional Comments From   01/22/99 17:18 -------
I agree that logging to /var/log/messages is insecure. I'm requesting
that *both* types of messages be logged to /var/log/secure. That way
there's a single place to look for account guessing activity.

Note You need to log in before you can comment on or make changes to this bug.