What to do about nologin(8)?
Doug Rabson
dfr at nlsystems.com
Mon Feb 23 11:59:02 PST 2004
On Mon, 2004-02-23 at 17:45, Colin Percival wrote:
> As anyone who reads cvs-all (or Mark Johnston's wonderful
> summaries thereof) will know, I recently added logging into
> nologin(8): Instead of simply printing an error message, it
> now (via syslog) records the refused login attempt.
> For security reasons, nologin(8) must be statically linked;
> as a result, adding logging has increased the binary size by
> slightly over 100K (on i386). For historical reasons (which
> is to say, "nobody seems to know why"), nologin is located in
> /sbin, which means that this has a non-trivial effect upon
> the space used on the root partition. Some people are unhappy
> about this.
> I can see a number of possible options; I'd like to hear
> opinions on which would be the best.
>
How about:
7: Use 'system("logger ...") to log the failed login?
More information about the freebsd-current
mailing list