Logging of unsuccessful login attempts

tito farmatito at tiscali.it
Thu Nov 19 07:04:41 UTC 2020


On Wed, 18 Nov 2020 17:34:50 +0100 (CET)
<xvh at seznam.cz> wrote:

> Hello,
> we are implementing security monitoring in our project, which is built
> on top of BusyBox. I've found out that information about
> unsuccessful login attempts is logged to syslog only after the third
> attempt. This can be a problem if you want to monitor all login
> attempts. In addition, if the user is redirected to login, e.g. by
> getty, then he is able to reset the attempt count and then there is no
> log message after any number of attempts. util-linux login logs
> every attempt.
> 
> I would like to propose the following patch to change authentication
> logging. I would also propose logging of unsuccessful attempts
> to /var/log/btmp (lastb), which seems to be completely missing now.
> But I want to ask for your opinion first.
> 
> diff --git a/loginutils/login.c b/loginutils/login.c
> index 3531d1424..6e346079a 100644
> --- a/loginutils/login.c
> +++ b/loginutils/login.c
> @@ -508,8 +508,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
>                 bb_do_delay(LOGIN_FAIL_DELAY);
>                 /* TODO: doesn't sound like correct English phrase to
> me */ puts("Login incorrect");
> +               syslog(LOG_WARNING, "invalid password for '%s'%s",

Hi,
could making count a configurable option be a solution?
So that setting e.g. CONFIG_MAX_LOGIN_ATTEMPTS to 1
logs everything and setting it to 3 keeps the current behavior?

 if (++count == CONFIG_MAX_LOGIN_ATTEMPTS) {

Just my 2 cents.

Ciao,
Tito

> username, fromhost); if (++count == 3) {
> -                       syslog(LOG_WARNING, "invalid password for
> '%s'%s",
> +                       syslog(LOG_WARNING, "too many login attempts
> for '%s'%s", username, fromhost);
> 
>                         if (ENABLE_FEATURE_CLEAN_UP)
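
Review bot: the syslog() call added above `if (++count == 3)` writes `username` verbatim on every failed attempt, so a password typed at the login prompt by mistake now reaches syslog on the first failure rather than only when the third attempt fails; that deserves a line in the commit message so integrators keep the log root-readable. On the third failure this path now emits both "invalid password" and "too many login attempts" for the same attempt, which is fine for monitoring but should be stated. The literal 3 in `++count == 3` could also become a named constant so the limit and the "too many login attempts" message stay in sync.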
> 
> Best Regards
> 
> Vit
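
The logging gap discussed in this thread, as an added example that is not part of the original messages and is not BusyBox code: a small model of the failure counter that compares the current behaviour, the proposed patch, and a threshold of 1. The `policy` struct, `lines_logged()` and the session model (login exits at the threshold, getty starts a fresh login with count 0 when the user abandons a session) are assumptions made for illustration.

```c
/* Added illustration, not BusyBox code: counts the syslog lines the
 * failure path would emit. Assumptions: login exits once count hits the
 * threshold, and getty starts a fresh login (count = 0) whenever the
 * user abandons a session after `per_session` bad passwords. */
#include <stdio.h>

struct policy {
    int log_every_failure; /* 1 = behaviour of the proposed patch */
    int threshold;         /* 3 today; CONFIG_MAX_LOGIN_ATTEMPTS in the reply */
};

int lines_logged(struct policy p, int failures, int per_session)
{
    int logged = 0, count = 0, tries = 0;

    for (int i = 0; i < failures; i++) {
        if (tries == per_session) { /* session abandoned, getty re-executes login */
            count = 0;
            tries = 0;
        }
        tries++;
        if (p.log_every_failure)
            logged++;              /* "invalid password for ..." */
        if (++count == p.threshold) {
            logged++;              /* threshold message, then login exits */
            count = 0;
            tries = 0;
        }
    }
    return logged;
}

int main(void)
{
    struct policy current = {0, 3}, patched = {1, 3}, option1 = {0, 1};

    /* Constructed scenario: 9 bad passwords, session restarted after every 2nd */
    printf("current:     %d lines\n", lines_logged(current, 9, 2));
    printf("patched:     %d lines\n", lines_logged(patched, 9, 2));
    printf("threshold=1: %d lines\n", lines_logged(option1, 9, 2));
    return 0;
}
```
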

