Date: Fri, 13 Jan 2006 11:10:26 +1030 (CST) From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/91732: Message-ID: <200601130040.k0D0eQva095714@cain.gsoft.com.au> Resent-Message-ID: <200601130050.k0D0oBMI035644@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91732
>Category: bin
>Synopsis:
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 13 00:50:10 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Daniel O'Connor
>Release: FreeBSD 6.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD cain.gsoft.com.au 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2 19:07:38 UTC 2005 root@rat.samsco.home:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
/etc/periodic/security/800.loginfail uses a simplistic grep expression to find relevant log messages.
Unfortunately it misses some things that it shouldn't and shows others that are superfluous.
eg. sasl-auth login failures don't show up, but sshd warnings about non-matching forward/reverse
lookups are.
>How-To-Repeat:
>Fix:
--- /etc/periodic/security/800.loginfail.orig Thu Nov 3 04:23:36 2005
+++ /etc/periodic/security/800.loginfail Wed Jan 11 14:05:34 2006
@@ -59,7 +59,10 @@
[Yy][Ee][Ss])
echo ""
echo "${host} login failures:"
- n=$(catmsgs | grep -ia "^$yesterday.*fail" |
+ n=$(catmsgs | grep -ia "^$yesterday.*" |
+ grep -v 'Accepted' | grep -v 'logfile turned over' |
+ grep -v 'subsystem request for' |
+ grep -v 'reverse mapping checking getaddrinfo for' |
tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0;;
*) rc=0;;
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601130040.k0D0eQva095714>