[Tickets #11601] Re: User is not authorized for horde
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Mar 13 12:10:37 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11601
------------------------------------------------------------------------------
Ticket | 11601
Updated By | arjen+horde at de-korte.org
Summary | User is not authorized for horde
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Not A Bug
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
arjen+horde at de-korte.org (2013-03-13 12:10) wrote:
> The problem is that this is not a sufficient priority to be able to
> easily catch brute-force attacks on a system.
While I agree that one wants to be alerted when a brute-force attack
is ongoing, logging every failed connection with a severity EMERG is
just not what administrators expect. See RFC 5424:
Numerical Severity
Code
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
Table 2. Syslog Message Severities
> So you set it to a lower level and then someone can hammer your box
> 1,000,000 times an hour and you won't see anything in your logs. Bad
> idea.
I'd prefer that over having to explain to administrators that they
don't have to worry about messages being logged with severity EMERG.
From http://en.wikipedia.org/wiki/Syslog
Emergency - A "panic" condition usually affecting multiple
apps/servers/sites. At this level it would usually notify all tech
staff on call.
More information about the bugs
mailing list