[Extension] utmpx and LOGIN_FAILURE
Ed Schouten
ed at 80386.nl
Sat May 1 13:05:18 UTC 2010
Hi all,
Some time ago I noticed some operating systems offer an interface called
btmp, which is essentially a wtmp for logging failed login attempts.
Instead of taking the same approach, I'd rather do something as follows:
http://80386.nl/pub/utmpx-login_failure.diff.txt
This patch adds a new utmpx log entry type called LOGIN_FAILURE.
Unfortunately we are the only operating system that does it this way,
but I suspect if we can already get OpenSSH and PAM to use this
interface, we've got reasonable coverage. The patch only has the
modifications for OpenSSH.
An example of what this looks like:
| $ last | grep failed
| sdlfkjdf mekker.80386.nl Sat May 1 14:14 login failed
The idea behind having this, is to make logging of such failed attempts
more generic and easier to obtain. It would be quite nice if
applications like DenyHosts can simply harvest this database using
getutxent(3), instead of using all sorts of regular expressions on the
log files.
Any thoughts on this subject?
--
Ed Schouten <ed at 80386.nl>
WWW: http://80386.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20100501/cb1f55c3/attachment.pgp
More information about the freebsd-arch
mailing list