Re: Possible Hacking routine

Robert Hiltibidal (rob@rob.fgi.net)
Fri, 11 Jul 1997 23:57:34 -0500 (CDT)

Howdy,

I must apologize, I should have been more clear. I meant is there a way
radius can log the !root password attempts as well as individual user
attempts. The ultimate goal of this is a program that scans the radius log
daily looking for a threshold number of attempts. Right now 15 is the
magic number...high enuff to make it visible somebody's knockin and low
enuff to actually catch the attempt.

that way we could tr/UNKNOWN/gotcha/g

Rob

On Fri, 11 Jul 1997, Jon Lewis wrote:
> I think he's saying it should at the very least be doing something like:
>
> Jul 11 23:19:34 yoda login[30526]: invalid password for `blaha' on `ttyt0'
> from `fubar.fubar.fdt'
> or
> Jul 11 23:19:34 yoda login[30526]: invalid password for UNKNOWN on `ttyt0'
> from `fubar.fubar.fdt'
>
> s/login/radiusd/g
>
> That way, if someone's trying to brute force telnetting into your term
> servers, you'd know about it. Logging the username isn't a big deal if
> you consider they'd need root access to grab the log file, and if they can
> grab random files, they'll probably be running Crack on your shadow file
> anyway.
>
> ------------------------------------------------------------------
> Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
> Network Administrator | be proof-read for $199/message.
> Florida Digital Turnpike |
> ________Finger jlewis@inorganic5.fdt.net for PGP public key_______
>

Systems Programmer "Open the doors of your stores
rob@fgi.net 24 hours a day"
morgan@springpatch.com Springpatch Mall
http://www.springpatch.com
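
A sketch of the daily log scan described in the thread above, as an added example that is not part of the original messages. It assumes radiusd writes failures in the syslog format Jon Lewis quotes (with login replaced by radiusd), one entry per line; the host names, user names and log lines are constructed. It counts by source as well as by user, since a run of attempts spread over many names never crosses a per-user threshold.

```python
import re
from collections import Counter

THRESHOLD = 15  # the "magic number" from the message

# Assumed format: the quoted login lines with login -> radiusd, one per line.
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ radiusd\[\d+\]: "
    r"invalid password for (?:`(?P<user>[^']*)'|UNKNOWN) "
    r"on `[^']*'\s+from `(?P<src>[^']*)'$"
)

def scan(lines, threshold=THRESHOLD):
    """Count failures per day by user and by source; return those >= threshold."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a failed-password entry
        day = " ".join(m.group("day").split())  # normalise "Jul  1" -> "Jul 1"
        user = m.group("user") or "UNKNOWN"
        counts[(day, "user", user)] += 1
        counts[(day, "source", m.group("src"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def sample_log():
    """Constructed log lines (hosts and users are made up for the example)."""
    def fail(n, who, src):
        return [f"Jul 11 23:{i:02d}:34 yoda radiusd[30526]: invalid password "
                f"for {who} on `ttyt0' from `{src}'" for i in range(n)]
    return (
        fail(15, "`root'", "a.example.net")       # one account hammered
        + fail(14, "`blaha'", "b.example.net")    # just under the threshold
        + fail(10, "UNKNOWN", "c.example.net")    # many names, one source
        + fail(6, "`alice'", "c.example.net")
        + ["Jul 11 23:20:00 yoda radiusd[30526]: session started"]
    )

if __name__ == "__main__":
    for (day, kind, value), n in sorted(scan(sample_log()).items()):
        print(f"{day}: {n} failed attempts, {kind} {value}")
```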