input_trouble : pattern
If a user's keystroke input matches this pattern, then an alert is generated.
edited_input_trouble : pattern
If a user's keystroke input matches this pattern, taking into account backspace and delete characters, then an alert is generated.
full_input_trouble : pattern
If this pattern is matched in a full line of input, an alert is generated.
input_wait_for_output : pattern
The same as edited_input_trouble
, except that the alert is
delayed until the corresponding output is seen, so that both may be
logged together.
output_trouble : pattern
If the login output matches this pattern, an alert is generated.
full_output_trouble : pattern
Similar to output_trouble
, but the pattern must match the
entire output.
backdoor_prompts : pattern
If the login output matches this text, but not
non_backdoor_prompts
, generate a possible-backdoor alert.
non_backdoor_prompts : pattern
See backdoor_prompts
.
hot_terminal_types : pattern
If the terminal type used matches this pattern, generate an alert.
hot_telnet_orig_ports : set[port]
If the source port of a telnet connection is in this set, generate an alert.
skip_authentication : set[string]
If a string in this set appears where an authentication prompt would normally, skip processing of authentication (typically for an unauthenticated system). Fixme: Please verify.
Note: This variable isconst
, so may only be changed viaredef
.
login_prompts : set[string]
The set of strings that are recognized as login prompts anywhere on a line, e.g., “Login:”.
Note: This variable isconst
, so may only be changed viaredef
.
login_failure_msgs : set[string]
If any of these strings appear on a line following an authentication attempt, the attempt is considered to have failed, unless a string fromlogin_non_failure_msgs
also appears on the line. This set has higher precedence thanlogin_success_msgs
, and the same precedence aslogin_timeouts
.
Note: This variable isconst
, so may only be changed viaredef
.
login_non_failure_msgs : set[string]
If any of these strings appear on a line following an authentication attempt, the connection is not considered to have failed even iflogin_failure_msgs
indicates otherwise.
Note: This variable isconst
, so may only be changed viaredef
.
login_success_msgs : set[string]
If any of these messages is seen, the connection attempt is assumed to have succeeded. This set has lower precedence thanlogin_failure_msgs
andlogin_timeouts
.
Note: This variable isconst
, so may only be changed viaredef
.
login_timeouts : set[string]
If any of these messages is seen during the login phase, the connection attempt is assumed to have timed out. This set has higher precedence thanlogin_success_msgs
, and the same precedence aslogin_failure_msgs
.
router_prompts : pattern
Fixme: Don't know what this is
non_ASCII_hosts : set[addr]
The set of hosts that do not use ASCII (and to whom logins are thus not processed).
skip_logins_to : set[addr]
Do not process logins to this set of hosts.
always_hot_login_ids : pattern
Login names which generate an alert even if the login is not successful.
hot_login_ids : pattern
Login names which generate an alert, if the login is successful.
rlogin_id_okay_if_no_password_exposed : set[string]
Login names in this set are those which are normally considered sensitive, but are allowed if the associated password is not exposed.
login_sessions : table[conn_id] of login_session_info
A table, indexed by connection ID, of login_session_info
records, characterizing each login session.