[Extension] utmpx and LOGIN_FAILURE
David Schultz
das at FreeBSD.ORG
Mon May 10 16:39:38 UTC 2010

On Sat, May 01, 2010, Ed Schouten wrote:
> Some time ago I noticed some operating systems offer an interface called
> btmp, which is essentially a wtmp for logging failed login attempts.
> Instead of taking the same approach, I'd rather do something as follows:
> 
> 	http://80386.nl/pub/utmpx-login_failure.diff.txt
> 
> This patch adds a new utmpx log entry type called LOGIN_FAILURE.
> Unfortunately we are the only operating system that does it this way,
> but I suspect if we can already get OpenSSH and PAM to use this
> interface, we've got reasonable coverage. The patch only has the
> modifications for OpenSSH.

An important question is whether the purpose of utmpx is
accounting (keeping track of users' resource consumption) or
auditing (creating a record of events that are relevant to
security).  My impression was that utmpx is mainly for the former,
whereas auditd is a better tool for the latter.  This proposal
seems to conflate the two a bit; maybe utmpx isn't the right place
for this functionality.

More information about the freebsd-arch mailing list