Date: Sat, 1 May 2010 14:45:44 +0200
From: Ed Schouten <ed@80386.nl>
To: freebsd-arch@FreeBSD.org
Subject: [Extension] utmpx and LOGIN_FAILURE
Message-ID: <20100501124544.GR56080@hoeg.nl>

Hi all,

Some time ago I noticed some operating systems offer an interface called
btmp, which is essentially a wtmp for logging failed login attempts.
Instead of taking the same approach, I'd rather do something as follows:

	http://80386.nl/pub/utmpx-login_failure.diff.txt

This patch adds a new utmpx log entry type called LOGIN_FAILURE.
Unfortunately we are the only operating system that does it this way,
but I suspect if we can already get OpenSSH and PAM to use this
interface, we've got reasonable coverage. The patch only has the
modifications for OpenSSH. An example of what this looks like:

| $ last | grep failed
| sdlfkjdf mekker.80386.nl Sat May 1 14:14 login failed

The idea behind having this, is to make logging of such failed attempts
more generic and easier to obtain. It would be quite nice if
applications like DenyHosts can simply harvest this database using
getutxent(3), instead of using all sorts of regular expressions on the
log files.

Any thoughts on this subject?

-- 
 Ed Schouten <ed@80386.nl>
 WWW: http://80386.nl/
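
How a DenyHosts-style consumer could tally such records per remote host with getutxent(3), as an added example that is not code from the patch or from the message above. The numeric value of LOGIN_FAILURE (100 here) and the helper names note_entry and note_sample are assumptions; the thread does not give them.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>
#ifndef LOGIN_FAILURE
#define LOGIN_FAILURE 100   /* placeholder: the thread gives no numeric value */
#endif
#define HOSTLEN sizeof(((struct utmpx *)0)->ut_host)
#define MAXHOSTS 64
static struct { char host[HOSTLEN + 1]; int failures; } table[MAXHOSTS];
static size_t used;

/* Fold one record into the per-host table; returns that host's running count
 * of failures (0 for other record types, or when the table is full). */
static int note_entry(const struct utmpx *e)
{
    size_t j;
    if (e->ut_type != LOGIN_FAILURE)
        return 0;
    /* ut_host may fill the whole field without a terminating NUL */
    for (j = 0; j < used; j++)
        if (strncmp(table[j].host, e->ut_host, HOSTLEN) == 0)
            break;
    if (j == used) {
        if (used == MAXHOSTS)
            return 0;
        memcpy(table[used].host, e->ut_host, HOSTLEN);
        table[used++].host[HOSTLEN] = '\0';
    }
    return ++table[j].failures;
}

/* Build a constructed record and feed it in, for trying this offline. */
static int note_sample(short type, const char *user, const char *host)
{
    struct utmpx e = { .ut_type = type };   /* remaining fields zeroed */
    strncpy(e.ut_user, user, sizeof e.ut_user);
    strncpy(e.ut_host, host, sizeof e.ut_host);
    return note_entry(&e);
}

int main(void)
{
    struct utmpx *e;
    setutxent();                    /* walk the database the system exposes */
    while ((e = getutxent()) != NULL)
        note_entry(e);
    endutxent();
    for (size_t j = 0; j < used; j++)
        printf("%-40s %d\n", table[j].host, table[j].failures);
}
```

A blocking tool would compare each count against its own threshold; on a system without the proposed record type the table simply stays empty.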