Re: Possible Hacking routine

Jon Lewis (jlewis@inorganic5.fdt.net)
Fri, 11 Jul 1997 23:22:49 -0400 (EDT)

On Fri, 11 Jul 1997 thoth@purplefrog.com wrote:

> > Got a question... Does the portmaster log failed telnet attempts to the
> > radius files? If it doesn't by default is there some way it could be
> > coaxed into logging failed attempts? Basically what we want is to log the
> > failed attempt, the username and ip the attempt came from and to really
> > give us that warm fuzzy feeling we'd like to log the username and
> > passwords used.
>
> If you log the passwords you will get incorrect passwords for normal users'
> accounts, from which it would be a small brute-force space to guess the
>...
> If you log the failed usernames, you might also get passwords. This was
> pointed out on a security list.

I think he's saying it should at the very least be doing something like:

Jul 11 23:19:34 yoda login[30526]: invalid password for `blaha' on `ttyt0' from `fubar.fubar.fdt'
or
Jul 11 23:19:34 yoda login[30526]: invalid password for UNKNOWN on `ttyt0' from `fubar.fubar.fdt'

s/login/radiusd/g

That way, if someone's trying to brute force telnetting into your term
servers, you'd know about it. Logging the username isn't a big deal if
you consider they'd need root access to grab the log file, and if they can
grab random files, they'll probably be running Crack on your shadow file
anyway.

------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
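
Added example, not part of the original message: a sketch of what such log entries make possible, counting failures per source host in a sliding window and flagging likely brute-force sources. The threshold, window, year argument, the host `other.example` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Single-line form of the entries quoted in the message; the program name may
# be login or radiusd. UNKNOWN is logged in place of a quoted username.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?:login|radiusd)\[\d+\]: "
    r"invalid password for (?:`(?P<user>[^']*)'|UNKNOWN) "
    r"on `[^']*' from `(?P<src>[^']*)'$"
)

def parse_failure(line, year=1997):
    """Return (time, source, user) or None; user is None for UNKNOWN."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Assumption: syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["user"]

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=5), year=1997):
    """Map source -> peak failures inside any window, for sources >= threshold.
    Only source and count are reported, so usernames (which may be mistyped
    passwords) are not copied into alerts."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_failure(line, year)
        if rec:
            by_src[rec[1]].append(rec[0])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged

# Constructed sample input (not real log data).
SAMPLE = [
    f"Jul 11 23:19:{30 + i:02d} yoda radiusd[30526]: invalid password for "
    f"`blaha' on `ttyt0' from `fubar.fubar.fdt'" for i in range(6)
] + [
    "Jul 11 23:25:01 yoda login[30530]: invalid password for UNKNOWN on `ttyt1' from `other.example'",
]
```

Calling brute_force_sources(SAMPLE) flags only the host with six failures inside the window; the single UNKNOWN failure from the other host stays below the threshold.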