Date: Sat, 17 Sep 2005 14:53:02 +0400 From: Solar Designer <solar@...nwall.com> To: popa3d-users@...ts.openwall.com Subject: Re: Patch to include the username in all syslog messages Hi Fredrik, First of all, thank you for sharing the patch with popa3d-users! On Thu, Sep 15, 2005 at 12:39:33PM +0200, Fredrik Bj?rk wrote: > This may well be in some other contrib patch, but since I couldn't find a > link to the contrib directory, here it is. All non-historical contributed patches available in the contrib directory are linked from popa3d homepage at: http://www.openwall.com/popa3d/ The entire directory is available on the FTP site (and on its mirrors): ftp://ftp.openwall.com/pub/projects/popa3d/contrib/ > It is a patch that adds the > username (or mailbox, which should be the same most of the time) to all > syslog messages that popa3d writes. It is very useful for detecting users > that misspell usernames, or use incorrect case when typing the username. [...] > It is quite obvious that the patch helps our support staff quite a bit! Yes. Unfortunately, a side-effect is that you will also get some plaintext passwords logged since some users are dumb enough to enter their password in place of username. This was one of two reasons for not logging unknown usernames. The other reason is that unknown usernames may contain any "garbage" characters, including terminal controls, making it unsafe to browse logs on some systems (where syslogd does not filter or escape potential terminal controls) unless special precautions are taken (e.g., "less -U" is OK, "more" or plain "grep ..." with output to the terminal are not). Thanks again, -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.