Date: Fri, 13 Jan 2006 11:10:26 +1030 (CST) From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/91732: Message-ID: <200601130040.k0D0eQva095714@cain.gsoft.com.au> Resent-Message-ID: <200601130050.k0D0oBMI035644@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91732 >Category: bin >Synopsis: >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jan 13 00:50:10 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Daniel O'Connor >Release: FreeBSD 6.0-RELEASE amd64 >Organization: >Environment: System: FreeBSD cain.gsoft.com.au 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2 19:07:38 UTC 2005 root@rat.samsco.home:/usr/obj/usr/src/sys/GENERIC amd64 >Description: /etc/periodic/security/800.loginfail uses a simplistic grep expression to find relevant log messages. Unfortunately it misses some things that it shouldn't and shows others that are superfluous. eg. sasl-auth login failures don't show up, but sshd warnings about non-matching forward/reverse lookups are. >How-To-Repeat: >Fix: --- /etc/periodic/security/800.loginfail.orig Thu Nov 3 04:23:36 2005 +++ /etc/periodic/security/800.loginfail Wed Jan 11 14:05:34 2006 @@ -59,7 +59,10 @@ [Yy][Ee][Ss]) echo "" echo "${host} login failures:" - n=$(catmsgs | grep -ia "^$yesterday.*fail" | + n=$(catmsgs | grep -ia "^$yesterday.*" | + grep -v 'Accepted' | grep -v 'logfile turned over' | + grep -v 'subsystem request for' | + grep -v 'reverse mapping checking getaddrinfo for' | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0;; *) rc=0;; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601130040.k0D0eQva095714>