logging of root logins
Arthur de Jong
arthur at West.NL
Fri Nov 9 02:02:05 EST 2001
On Thu, 8 Nov 2001, Markus Friedl wrote:
> hm, i don't think uid sharing is a standard unix feature.
I agree that it's not a very nice thing to do but I know several
organisations that use several ROOT accounts. It's nice to have several
passwords to access ROOT priviliges. (I know sudo or similar is better but
not as convenient).
> however, i think that we should drop this:
>
> authlog("%s %s for %s%.100s from %.200s port %d%s",
> authmsg,
> method,
> authctxt->valid ? "" : "illegal user ",
> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user,
> get_remote_ipaddr(),
> get_remote_port(),
> info);
>
> and not print ROOT in caps:
>
> authlog("%s %s for %s%.100s from %.200s port %d%s",
> authmsg,
> method,
> authctxt->valid ? "" : "illegal user ",
> authctxt->user,
> get_remote_ipaddr(),
> get_remote_port(),
> info);
>
> do we really need backward compatibility for printing ROOT
> in upper case?
I personally like capatalized ROOT because it makes root logins stick out
in the logs. Maybe something like:
authlog("%s %s for %s%s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "illegal user ",
authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT user " : "",
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
info);
This would make it stand out and maybe keep it partially compatible with
logfile checkers. Or even:
authlog("%s %s for %s%.100s from %.200s port %d%s",
...
authctxt->valid ? ( authctxt->pw->pw_uid == 0 ? "ROOT user " : "" ) : "illegal user ",
...
-- arthur de jong - arthur at west.nl - west consulting b.v. --
More information about the openssh-unix-dev
mailing list