Monday, January 19, 2026

Re: Binary to read file /var/log/failedlogin

On Mon, Jan 19, 2026 at 07:52:34AM -0500, Nick Holland wrote:
> On 1/18/26 15:04, Avon Robertson wrote:
> > On Sun, Jan 18, 2026 at 03:10:49PM -0000, Stuart Henderson wrote:
> > > On 2026-01-18, Avon Robertson <avon.r@xtra.co.nz> wrote:
> > > > Initially, I will use your code to check for attempted logins on my
> > > > home router.
> > >
> > > is authlog not enough for that?
> > >
> > >
> > > --
> > > Please keep replies on the mailing list.
> > >
> >
> > Hello Stuart.
> >
> > Thank you for your reply. authlog is certainly helpful.
> >
> > As my router potentially provides an entry point to many machines,
> > I don't want to become complacent w.r.t. it's security.
> >
>
> IF you have the system exposed to the outside world, you will see thousands
> of failed login attempts per day. That's just normal on the Internet.
>
> It would probably be much more useful to list all SUCCESSFUL logins and
> make sure they can be explained. Otherwise, you are going to be looking
> for very tiny needles in a really big haystack. And there's not a whole
> lot you can do about the Internet trying to log into your networks.
> Simple fact of life. Much better to make sure all the needles are
> yours, and ignore the hay.
>
> Make sure you have only key logins accepted. That way, unless your private
> key escapes, you won't have a lot to worry about. And...do you really need
> to permit external logins? yes, often that is needed, I get it.
>
> (some will advocate moving SSH to a different port. That is NOT a security
> improvement...but it can significantly reduce the size of your logs, which
> may be a good thing. Personally, the failed login attempts are a great
> reminder to keep one's guard up: yes, they really are out to get you. :) )
>
> Nick.
>

Thank you for your relevant and helpful reply Nick.

To date I have seen/found nothing to alarm me in the router's logs.

The next paragraph is veering off topic but some users maybe unaware
that many entities 'phone home'.

I am wary of unwanted inbound and *outbound* traffic e.g.: I have PF
rules to prevent my network HP printer sending a copy of every file
that it prints, to an HP home base destination.

--
aer

No comments:

Post a Comment