On 10/21/2014 04:13 PM, Norbert Preining wrote: > On Tue, 21 Oct 2014, Josselin Mouette wrote: >> not possible to split the system cgroups arbitrator from the process >> which starts services and sessions in cgroups. It is not possible to >> ensure the relation of a log to a service if you do not have awareness >> of how the service was launched. Et caetera. > > And surely that didn't work the last 20 years ...
It did not work, yes. That's why, for example, fail2ban can be used by local users to deny access to other users[1]. If logging information includes additional information, you could make fail2ban only block users if the log messages about failed logins come from the SSH service. Ansgar [1] <http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Possibility_of_DOS_attack_by_a_local_user> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54466e81.3060...@43-1.org
