Date: Thu, 20 Apr 2000 07:07:36 -0500 From: "Jim C. Nasby" <jim@nasby.net> To: freebsd-stable@freebsd.org Subject: /etc/security checking wrong file for login failures? Message-ID: <38FEF308.1C6783CB@nasby.net>
next in thread | raw e-mail | index | archive | help
On my 4.0-stable system (last cvsup'd Mar 28), this is the end of /etc/security (I broke the zcat line across two lines for this email): echo "${host} login failures:" zcat -f $LOG/messages.0* $LOG/messages | grep -i \ "^$yesterday.*login failure" # Show tcp_wrapper warning messages # separator echo "${host} refused connections:" zcat -f $LOG/messages.0* $LOG/messages | grep -i \ "^$yesterday.*refused connect" Shouldn't it be checking $LOG/messages instead of messages.0*? The default newsyslog.conf on this system rotates /var/log/messages when it hits 100k; maybe /etc/security is expecting it to be rotated daily. I think the following would solve this: echo "${host} login failures:" if [ -f $LOG/messages ]; then grep -i "^$yesterday.*login failure" $LOG/messages if [ -f $LOG/messages.0* ]; then zcat -f $LOG/messages.0* $LOG/messages | grep -i \ "^$yesterday.*login failure" fi else echo "$LOG/messages does not exist!" fi # Show tcp_wrapper warning messages # separator echo "${host} refused connections:" if [ -f $LOG/messages ]; then grep -i "^$yesterday.*refused connect" $LOG/messages if [ -f $LOG/messages.0* ]; then zcat -f $LOG/messages.0* $LOG/messages | grep -i \ "^$yesterday.*refused connect" fi else echo "$LOG/messages does not exist!" fi Again, I split the zcat line for this email. I guess I should probaby have done a PR on this, but I wasn't sure if there was a good reason for the way things were setup that was escaping me. -- Jim C. Nasby (aka Decibel!) /^\ jim@nasby.net /___\ Freelance lighting designer and database developer / | \ Member: Triangle Fraternity, Sports Car Club of America /___|___\ Give your computer some brain candy! www.distributed.net Team #1828 Get paid to surf!! http://www.enteract.com/~nasby/alladvantage.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38FEF308.1C6783CB>