[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] another suggestion: security improvements
- Subject: Re: [cobalt-security] another suggestion: security improvements
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Fri, 15 Sep 2000 22:53:03 +0100 (BST)
On Fri, 15 Sep 2000, Florian Effenberger wrote:
> Hi,
>
> I have another suggestion: more security improvements. The admin user
> should get a message (if he enables it), when a
>
> * POP3
> * telnet
> * su
> * SMTP
> * IMAP
> * FTP
> * WEB/htaccess
>
> failure logon occurs. Example: someone tries logging in as root/admin
> via telnet with the wrong password -> mail is being sent to the
> administrator.
>
> Thanks,
> Florian
This is fine, except you are asking for DoS attacks (somebody runs a brute
force program against telnet and you'd have a massive root mailbox).
I'd rather Cobalt made a section in the Admin interface to view the log
files, and filter them for things like failed logins. One could only
wish.