Re: piece of mind
On 10/21/2014 04:13 PM, Norbert Preining wrote:
> On Tue, 21 Oct 2014, Josselin Mouette wrote:
>> not possible to split the system cgroups arbitrator from the process
>> which starts services and sessions in cgroups. It is not possible to
>> ensure the relation of a log to a service if you do not have awareness
>> of how the service was launched. Et caetera.
> And surely that didn't work the last 20 years ...
It did not work, yes. That's why, for example, fail2ban can be used by
local users to deny access to other users.
If logging information includes additional information, you could make
fail2ban only block users if the log messages about failed logins come
from the SSH service.