[Discuss] deadmanish login?

[Richard Pieri]

On 1/30/2017 8:46 PM, Dan Ritter wrote:
> Obvious implementation methods:

If you're kicking off (semi-)unauthorized users and notifying on those
actions then you're doing intrusion detection.

You could use OSSEC but this might be overkill for the specific task.

You could do a clumsy IDS with the Linux user auditing tools (psacct)
and query the auditing information from... I dunnow... maybe a Nagios
plugin or a Splunk query.

-- 
\m/ (--) \m/