Re: bad login tracking

To: "Chad A. Adlawan" <chadi@archangel.8eight8.net.ph>
Cc: debian-user@lists.debian.org, mummert@murphy.debian.org
Subject: Re: bad login tracking
From: Carl Mummert <mummert@cs.wcu.edu>
Date: Tue, 27 Jul 1999 15:48:23 -0400
Message-id: <"DqL08D.A.WZH.B6gn3"@murphy>
In-reply-to: Message from "Chad A. Adlawan" <chadi@archangel.8eight8.net.ph> of "Wed, 28 Jul 1999 03:39:51 +0800." <[🔎] 19990728033951.A524@archangel.8eight8.net.ph>

>UNKNOWN  ttyp1        ruf2-6.evoserve. Tue Jul 27 21:13 - 21:13  (00:00)
>chadi    ttyp1        ruf2-6.evoserve. Tue Jul 27 21:12 - 21:12  (00:00)
>
>   question, is there any way for as to know as to what exactly is the 'guess'
> user name someone tried to enter w/c resulted in the UNKNOWN record for /var/
>log/btmp ?
>   we know that for the entry "chadi", that there really is a user chadi on th
>e system but his password was wrongly entered.  is there any way for us to cap
>ture and know what the wrongly enetered password is (guess password) and recor
>d it in some file ?

in /etc/login.defs, the following line controls whether unknown
usernames are recorded:


#
# Enable display of unknown usernames when login failures are recorded.
# 
LOG_UNKFAIL_ENAB        no

To get unknown passwords, you have to edit the source.

Note that this is a Bad Idea (to get the usernames or passwords)
since it tends to 1) give you a list of the users' passwords and
2) give others a well-known place to look for them too.
Any user can run lastb.

Carl

Reply to:

Follow-Ups:
- Re: bad login tracking
  - From: thomas lakofski <thomas@88.net>

References:
- bad login tracking
  - From: "Chad A. Adlawan" <chadi@archangel.8eight8.net.ph>

Prev by Date: System freezes unexpectedly
Next by Date: Re: System freezes unexpectedly
Previous by thread: bad login tracking
Next by thread: Re: bad login tracking
Index(es):
- Date
- Thread