Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Feb 2014 23:43:50 +0000 (UTC)
From:      Christian Brueffer <brueffer@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r262273 - head/etc/periodic/security
Message-ID:  <201402202343.s1KNhoJR019119@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: brueffer
Date: Thu Feb 20 23:43:49 2014
New Revision: 262273
URL: http://svnweb.freebsd.org/changeset/base/262273

Log:
  Further refine the auth fail regex to catch more auth failures and
  reduce false positives.
  
  The committed patch was provided by Christian Marg.
  
  PR:		91732
  Submitted by:	Daniel O'Connor <doconnor at gsoft.com.au>
  		Skye Poier <spoier at gmail.com>
  		Alan Amesbury <amesbury at umn.edu>
  		Christian Marg <marg at rz.tu-clausthal.de>
  MFC after:	1 month

Modified:
  head/etc/periodic/security/800.loginfail

Modified: head/etc/periodic/security/800.loginfail
==============================================================================
--- head/etc/periodic/security/800.loginfail	Thu Feb 20 23:18:30 2014	(r262272)
+++ head/etc/periodic/security/800.loginfail	Thu Feb 20 23:43:49 2014	(r262273)
@@ -64,7 +64,7 @@ if check_yesno_period security_status_lo
 then
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+	n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0
 fi



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201402202343.s1KNhoJR019119>