[98901] in RedHat Linux List


[RH5.1] One reason why passwords appear in /var/log/messages.

daemon@ATHENA.MIT.EDU (billh@autobahn.org)
Wed Nov 11 01:33:13 1998

From: billh@autobahn.org
Date: Tue, 10 Nov 1998 22:32:58 -0800 (PST)
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com


  SOP is that user logs in by typing

	(1) username
	(2) password

However, by the laws of probability, P > 0 percent of the time, user types
in

	(1) password
	(2) username

in which case -- using RH5.1 default/install sysklogd-1.3-22
/etc/syslog.conf -- a message like the following immediately appears in my
/var/log/messages file (perm 644): 

Nov 10 21:53:18 localhost login[510]: FAILED LOGIN 1 FROM (null) FOR
frazzafrazza, User not known to the ... authentication module

[but not, it seems, in my /var/log/secure file].

  Because I imagine it should be relatively easy to break into a running
system connected to the internet given the password of a user on that
system, I think the `username' datum from a failed login should appear in
/var/log/secure (if anywhere) but not in /var/log/messages.
      
--
<billh_AT_autobahn_DOT_org>

                Maximize end-user autonomy.
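
A log-hygiene check for the situation described in the post, added here as an example and not part of the original message: it masks the name field in `login` failure lines of the quoted "User not known" form and tests whether a file mode such as 644 is readable by every local user. The function names and the second and third sample lines are assumptions constructed for illustration.

```python
import re
import stat

# Failure line of the form quoted in the post. Only the "User not known"
# variant is matched: there the text after FOR is not an account name, so
# it may be a password typed at the username prompt.
UNKNOWN_USER = re.compile(
    r"(login\[\d+\]: FAILED LOGIN \d+ FROM \S+ FOR )(.*?)(, User not known)"
)

def redact_unknown_names(lines):
    """Mask the name in every matching line.

    Returns (clean_lines, hits), where hits holds 1-based line numbers.
    """
    clean, hits = [], []
    for number, line in enumerate(lines, 1):
        line, count = UNKNOWN_USER.subn(r"\1<redacted>\3", line)
        if count:
            hits.append(number)
        clean.append(line)
    return clean, hits

def world_readable(mode):
    """True if the permission bits grant read access to 'other'."""
    return bool(mode & stat.S_IROTH)

# Constructed sample input. Line 1 is the entry from the post joined onto
# one line (its "..." is kept as posted); lines 2 and 3 are made up.
SAMPLE = [
    "Nov 10 21:53:18 localhost login[510]: FAILED LOGIN 1 FROM (null) "
    "FOR frazzafrazza, User not known to the ... authentication module",
    "Nov 10 21:54:02 localhost login[511]: FAILED LOGIN 1 FROM (null) "
    "FOR billh, Authentication failure",
    "Nov 10 21:55:40 localhost login[512]: FAILED LOGIN 1 FROM (null) "
    "FOR s3cr,et!, User not known to the ... authentication module",
]

if __name__ == "__main__":
    clean, hits = redact_unknown_names(SAMPLE)
    print("lines with a possible mistyped password:", hits)
    print("\n".join(clean))
    print("mode 644 world-readable:", world_readable(0o644))
```

The non-greedy name group keeps the match correct when the mistyped string itself contains a comma, as in the third sample line.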


