[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-arch
Subject:    Re: [Extension] utmpx and LOGIN_FAILURE
From:       David Schultz <das () freebsd ! org>
Date:       2010-05-10 16:39:31
Message-ID: 20100510163931.GA2902 () zim ! MIT ! EDU
[Download RAW message or body]

On Sat, May 01, 2010, Ed Schouten wrote:
> Some time ago I noticed some operating systems offer an interface called
> btmp, which is essentially a wtmp for logging failed login attempts.
> Instead of taking the same approach, I'd rather do something as follows:
> 
> 	http://80386.nl/pub/utmpx-login_failure.diff.txt
> 
> This patch adds a new utmpx log entry type called LOGIN_FAILURE.
> Unfortunately we are the only operating system that does it this way,
> but I suspect if we can already get OpenSSH and PAM to use this
> interface, we've got reasonable coverage. The patch only has the
> modifications for OpenSSH.

An important question is whether the purpose of utmpx is
accounting (keeping track of users' resource consumption) or
auditing (creating a record of events that are relevant to
security).  My impression was that utmpx is mainly for the former,
whereas auditd is a better tool for the latter.  This proposal
seems to conflate the two a bit; maybe utmpx isn't the right place
for this functionality.
_______________________________________________
freebsd-arch@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]