show more details in failed attempts in the syslog
Ming-Ching Tiew
mingching.tiew at redtone.com
Tue Oct 28 19:06:16 WST 2008
I am wondering if it makes sense to put failed
attempts to login into the syslog including the
information like user and password ?
Right now it only logs information that there
is a failed attempt when there is invalid user.
The motivation for writing these information into
syslog is to figure out if there is an auditable trail
of the brute force attempts ( example dictionary attack )
or just the user forgot the password.
I supposed the downside this scheme is that
whoever got hold of read access to the log
will know what is considered invalid attempts ?
Any comments ?
More information about the Dropbear
mailing list