Re: piece of mind

To: debian-devel@lists.debian.org
Subject: Re: piece of mind
From: Ansgar Burchardt <ansgar@43-1.org>
Date: Tue, 21 Oct 2014 16:32:33 +0200
Message-id: <[🔎] 54466E81.3060904@43-1.org>
In-reply-to: <[🔎] 20141021141316.GA420@auth.logic.tuwien.ac.at>
References: <20141008094341.70ae279a@mydesq2.domain.cxm> <20141008150137.GA29853@debian> <[🔎] 8738atz2m6.fsf@yun.yagibdah.de> <[🔎] 20141013082911.GK3964@smurf.noris.de> <[🔎] 1413786395@msgid.manchmal.in-ulm.de> <[🔎] 20141020143933.GB24156@smurf.noris.de> <[🔎] alpine.DEB.2.11.1410201737090.7116@tglase.lan.tarent.de> <[🔎] 87iojehbqb.fsf@rincewind.i-did-not-set--mail-host-address--so-tickle-me> <[🔎] 54465822.1080600@fastmail.fm> <[🔎] 1413900190.4673.249.camel@dsp0698014> <[🔎] 20141021141316.GA420@auth.logic.tuwien.ac.at>

On 10/21/2014 04:13 PM, Norbert Preining wrote:
> On Tue, 21 Oct 2014, Josselin Mouette wrote:
>> not possible to split the system cgroups arbitrator from the process
>> which starts services and sessions in cgroups. It is not possible to
>> ensure the relation of a log to a service if you do not have awareness
>> of how the service was launched. Et caetera. 
> 
> And surely that didn't work the last 20 years ... 

It did not work, yes. That's why, for example, fail2ban can be used by
local users to deny access to other users[1].

If logging information includes additional information, you could make
fail2ban only block users if the log messages about failed logins come
from the SSH service.

Ansgar

  [1]
<http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Possibility_of_DOS_attack_by_a_local_user>

Reply to:

Follow-Ups:
- Re: piece of mind
  - From: Martin Read <zen75502@zen.co.uk>

References:
- piece of mind (Re: Moderated posts?)
  - From: lee <lee@yagibdah.de>
- Re: piece of mind (Re: Moderated posts?)
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: piece of mind
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
- Re: piece of mind
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: piece of mind
  - From: Thorsten Glaser <tg@mirbsd.de>
- Re: piece of mind
  - From: Axel Wagner <mero@merovius.de>
- Re: piece of mind
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: piece of mind
  - From: Josselin Mouette <joss@debian.org>
- Re: piece of mind
  - From: Norbert Preining <preining@logic.at>

Prev by Date: Re: piece of mind
Next by Date: Re: piece of mind
Previous by thread: Re: piece of mind
Next by thread: Re: piece of mind
Index(es):
- Date
- Thread