Subject: PR security/2075
To: None <tech-security@netbsd.org>
From: Chris Jones <chris@cjones.org>
List: tech-security
Date: 01/30/2000 17:07:32
Message-ID: <86hffvkssb.fsf@grog.cjones.org>

This is an old PR, submitted by me way back when. I've now become
responsible for it (Thanks, Eric!), but I'm no longer convinced that
it's unequivocally a good idea.

The idea is to raise the syslog priority of failed logins to the root
account, from LOG_WARNING to LOG_NOTICE. Incidentally, our
syslog.conf, as distributed, sends a copy of any auth.notice events to
the console, and *.notice to root. That pretty much encompasses the
argument for it.

The argument against is that too much information from syslog can
often be worse than too little.

Chris
--
-----------------------------------------------------chris@cjones.org
Chris Jones cjones@honors.montana.edu
Mad scientist at large
"Is this going to be a stand-up programming session, sir, or another bug hunt?"
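
An added example (not part of the original message, and not NetBSD's syslogd code): a minimal C matcher for the traditional syslog.conf selector rule, where `facility.level` selects messages logged at that level or any more severe one, applied to the `auth.notice` and `*.notice` selectors mentioned in the message. The function name `selector_matches` and the reduced name tables are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <syslog.h>

/* Reduced name tables: only the names this sketch needs (constructed subset). */
struct name { const char *s; int v; };
static const struct name facs[] = {
    {"auth", LOG_AUTH}, {"daemon", LOG_DAEMON}, {"kern", LOG_KERN}, {NULL, 0} };
static const struct name levels[] = {
    {"emerg", LOG_EMERG}, {"alert", LOG_ALERT}, {"crit", LOG_CRIT}, {"err", LOG_ERR},
    {"warning", LOG_WARNING}, {"notice", LOG_NOTICE}, {"info", LOG_INFO},
    {"debug", LOG_DEBUG}, {NULL, 0} };

/* Case-insensitive lookup of the first n bytes of s; -1 if unknown. */
static int lookup(const struct name *t, const char *s, size_t n)
{
    for (; t->s != NULL; t++)
        if (strlen(t->s) == n && strncasecmp(t->s, s, n) == 0)
            return t->v;
    return -1;
}

/* Returns 1 if a message logged with pri (facility | level) is selected by
 * sel ("facility.level" or "*.level"), 0 if not, -1 if sel is malformed. */
int selector_matches(const char *sel, int pri)
{
    const char *dot = strchr(sel, '.');
    if (dot == NULL)
        return -1;
    int lvl = lookup(levels, dot + 1, strlen(dot + 1));
    if (lvl < 0)
        return -1;
    size_t n = (size_t)(dot - sel);
    if (!(n == 1 && sel[0] == '*')) {          /* "*" matches every facility */
        int fac = lookup(facs, sel, n);
        if (fac < 0)
            return -1;
        if (fac != (pri & LOG_FACMASK))
            return 0;
    }
    /* Numerically smaller level means more severe (LOG_EMERG is 0). */
    return LOG_PRI(pri) <= lvl;
}

int main(void)
{
    static const char *names[] = { "warning", "notice", "info" };
    static const int pris[] = { LOG_WARNING, LOG_NOTICE, LOG_INFO };
    for (int i = 0; i < 3; i++)
        printf("auth.%-7s selected by auth.notice: %d\n", names[i],
               selector_matches("auth.notice", LOG_AUTH | pris[i]));
    return 0;
}
```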