Date: Sat, 17 Sep 2005 14:53:02 +0400
From: Solar Designer <solar@...nwall.com>
To: popa3d-users@...ts.openwall.com
Subject: Re: Patch to include the username in all syslog messages

Hi Fredrik,

First of all, thank you for sharing the patch with popa3d-users!

On Thu, Sep 15, 2005 at 12:39:33PM +0200, Fredrik Bj?rk wrote:
> This may well be in some other contrib patch, but since I couldn't find a 
> link to the contrib directory, here it is.

All non-historical contributed patches available in the contrib
directory are linked from popa3d homepage at:

	http://www.openwall.com/popa3d/

The entire directory is available on the FTP site (and on its mirrors):

	ftp://ftp.openwall.com/pub/projects/popa3d/contrib/

> It is a patch that adds the 
> username (or mailbox, which should be the same most of the time) to all 
> syslog messages that popa3d writes. It is very useful for detecting users 
> that misspell usernames, or use incorrect case when typing the username.
[...]
> It is quite obvious that the patch helps our support staff quite a bit!

Yes.  Unfortunately, a side-effect is that you will also get some
plaintext passwords logged since some users are dumb enough to enter
their password in place of username.  This was one of two reasons for
not logging unknown usernames.  The other reason is that unknown
usernames may contain any "garbage" characters, including terminal
controls, making it unsafe to browse logs on some systems (where syslogd
does not filter or escape potential terminal controls) unless special
precautions are taken (e.g., "less -U" is OK, "more" or plain "grep ..."
with output to the terminal are not).

Thanks again,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar
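
The second concern in the message above (terminal control characters in logged usernames) can be handled by escaping the untrusted string before it reaches syslog. The following is an added example, not part of the original message and not popa3d code; the helper name `log_escape` and the sample username are constructed for illustration. It does not address the first concern, passwords typed in place of usernames.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from popa3d): copy an untrusted username into
 * dst, keeping only printable ASCII and writing every other byte, and the
 * backslash itself, as \xHH so the escaping stays unambiguous. Output is
 * always NUL-terminated; returns 1 if the input was truncated, else 0. */
int log_escape(char *dst, size_t dstsize, const char *src)
{
	static const char hex[] = "0123456789abcdef";
	size_t o = 0;

	if (dstsize == 0)
		return 1;
	for (; *src; src++) {
		unsigned char c = (unsigned char)*src;
		if (c >= 0x20 && c < 0x7f && c != '\\') {
			if (o + 1 >= dstsize)	/* keep room for the NUL */
				break;
			dst[o++] = (char)c;
		} else {
			if (o + 4 >= dstsize)	/* never emit a partial escape */
				break;
			dst[o++] = '\\';
			dst[o++] = 'x';
			dst[o++] = hex[c >> 4];
			dst[o++] = hex[c & 15];
		}
	}
	dst[o] = '\0';
	return *src != '\0';
}

int main(void)
{
	/* Constructed sample: an ESC sequence plus a newline that would
	 * otherwise start a forged second log line. */
	const char *user = "bob\033[2J\nroot";
	char safe[64];

	log_escape(safe, sizeof(safe), user);
	/* A real daemon would pass this to syslog(3) with a "%s" format. */
	printf("Authentication failed for %s\n", safe);
	return 0;
}
```

Escaping the backslash as well means a logged `\x1b` can only have come from a real ESC byte, so the log line can be decoded back to the exact input.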
