
Re: console login : number of access failures



On Wed, Nov 28, 2007 at 02:18:23PM +0100, daniele pendenza wrote:
> 1- by default on our Debian system after a successful login through a 
> tty we are presented with the number of failures (unsuccessful logins) 
> that took place before using the same login name. For a non root user 
> this number is correct.
> 
> But what about the root user ? That number is "correct" unless no one 
> tried to do "su logins" (login using the command su).
> Do you think that su-logins must be considered as "general logins" and 
> then the super user must know how many unsuccessful "su-logins" took 
> place  ? And what about the date and time of the last root login ? :-)
> Well, as a solution one could forbid the "su-login" but sometimes that 
> command can be useful.

I have pam set up so that only members of group adm can do su.  I also
have my logchecker email me auth failures.  Since root should never log
in directly (except at single-user), root wouldn't normally see such
login notices anyway.  


> 
> 2 - by default whenever I press CTRL-D to log out as a non root user the 
> screen is cleaned ... whenever I press CTRL-D to log out as a root user 
> the screen is not cleaned - and maybe a non root user can see what the 
> root did before ! Why did they choose this behavior ??
> 

So look in the user's .bash_logout and put the appropriate entry in
root's .bash_logout.

Doug.
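
The two settings from the reply above, checked by a small audit script. This is an added example, not part of the original message: it assumes the su restriction is done with pam_wheel's group= option in /etc/pam.d/su and that root's logout script is /root/.bash_logout; the function names and the sample files are constructed for illustration.

```shell
# Added example (not from the thread): audit the two settings discussed above.
# Assumption: su is restricted with pam_wheel's group= option in the PAM su file.

# Print the group an active "auth required pam_wheel.so" line limits su to.
# Returns 1 when no such line exists, i.e. any user may attempt su.
su_restricted_group() {
    awk '
        /^[[:space:]]*#/ { next }                 # commented-out rule: inactive
        $1 == "auth" && ($2 == "required" || $2 == "requisite") && $3 ~ /pam_wheel\.so$/ {
            grp = "wheel"                         # module default without group=
            for (i = 4; i <= NF; i++) {
                if ($i == "deny") next            # deny inverts the rule: not an allow-list
                if ($i ~ /^group=/) grp = substr($i, 7)
            }
            print grp; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Succeed if the logout script has an uncommented clear or clear_console call.
logout_clears_screen() {
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" |
        grep -Eq '(^|[[:space:]/;&])(clear_console|clear)([[:space:];]|$)'
}

# Report both findings; the default paths are the usual Debian locations.
audit() {
    rc=0
    if grp=$(su_restricted_group "${1:-/etc/pam.d/su}"); then
        echo "OK   su limited to members of group '$grp'"
    else
        echo "WARN su is not limited by pam_wheel"; rc=1
    fi
    if logout_clears_screen "${2:-/root/.bash_logout}"; then
        echo "OK   root logout clears the console"
    else
        echo "WARN root logout leaves the screen contents visible"; rc=1
    fi
    return $rc
}

# Constructed sample files for a dry run (not taken from any real system).
demo=$(mktemp -d)
printf 'auth sufficient pam_rootok.so\nauth required pam_wheel.so group=adm\n' > "$demo/su"
printf '# clear\n' > "$demo/bash_logout"
audit "$demo/su" "$demo/bash_logout" || true
rm -rf "$demo"
```

Called with no arguments, `audit` reads /etc/pam.d/su and /root/.bash_logout, so it needs to run as root to see the second file.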


