Re: masking out invalid root logins with logcheck?

To: debian-security@lists.debian.org
Subject: Re: masking out invalid root logins with logcheck?
From: Michael Stone <mstone@debian.org>
Date: Mon, 08 May 2006 17:15:31 -0400
Message-id: <[🔎] 20060508211529.GN16533@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20060508190637.GB19384@darkmoon.home>
References: <[🔎] 20060507071153.GA9693@lapse.madduck.net> <[🔎] 20060508190637.GB19384@darkmoon.home>

On Mon, May 08, 2006 at 09:06:37PM +0200, Emanuele Rocca wrote:

The only situation I've been able to imagine is a human error leading to
a change to your security policy.

For instance, a co-worker which temporary allows remote root logins, god
knows why. I'd be sad of my choice of filtering out root login attempts
in that case.

If this configuration error happened and root logins were suddenlyallowed, it would be less effective to focus on a reduction in failedroot logins than on the sudden presence of successful root logins.


Mike Stone

Reply to:

References:
- masking out invalid root logins with logcheck?
  - From: martin f krafft <madduck@debian.org>
- Re: masking out invalid root logins with logcheck?
  - From: Emanuele Rocca <ema@debian.org>

Prev by Date: Re: masking out invalid root logins with logcheck?
Next by Date: Re: Debian bind DNS
Previous by thread: Re: masking out invalid root logins with logcheck?
Next by thread: Debian bind DNS
Index(es):
- Date
- Thread