Re: D-bus integration

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Maybe this (putting login success/failure notifications onto D-bus) would
be a good thing for a PAM plugin to handle.

-Travis

>
> Gregory Seidman wrote in
>  <ZhiabssA26w1CDDz@xxxxxxxxxxxxx>:
>  |Given the most recent security scare with distribution-patched sshd
> having
>  |a backdoor because it indirectly linked to xz, I'd expect sentiment to be
>  |strongly against adding any integrations.
>  |
>  |While there is some utility to what you are suggesting, maybe it makes
> more
>  |sense to split apart the fail2ban log parsing from its jail functionality
>  |and use it to parse logs onto D-bus. Let's keep sshd as simple and secure
>  |as it can be.
>
> There is blacklistd, now, for asylumatic read and golden yellow
> reasons, blocklistd.  It does this for a decade.
> Part of FreeBSD and originally from Christos Zoulas, NetBSD.
> (Though, last i looked, it really only notifies failed login
> attempts.)
> I do agree strongly, in that i personally very much think so, that
> recreating state from parsing log files is an atrocity.  Ie, for
> the purpose of filtering out bad actors at least, for interacting
> with the firewall that is, *live* and for operational purposes
> that is, lastly.
> Granted there are deep-inspecting firewalls and such which look
> into protocols; i think all Microsoft Virus stuff works like this,
> and Kaspersky is no longer allowed to do so, if i got this right.
> I dunno, as can be seen.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux