Date:      Thu, 20 Apr 2000 07:07:36 -0500
From:      "Jim C. Nasby" <jim@nasby.net>
To:        freebsd-stable@freebsd.org
Subject:   /etc/security checking wrong file for login failures?
Message-ID:  <38FEF308.1C6783CB@nasby.net>

On my 4.0-stable system (last cvsup'd Mar 28), this is the end of
/etc/security (I broke the zcat line across two lines for this email):

echo "${host} login failures:"
zcat -f $LOG/messages.0* $LOG/messages | grep -i \
	"^$yesterday.*login failure"

# Show tcp_wrapper warning messages
#
separator
echo "${host} refused connections:"
zcat -f $LOG/messages.0* $LOG/messages | grep -i \
	"^$yesterday.*refused connect"

Shouldn't it be checking $LOG/messages instead of messages.0*? The
default newsyslog.conf on this system rotates /var/log/messages when it
hits 100k; maybe /etc/security is expecting it to be rotated daily.

I think the following would solve this:
echo "${host} login failures:"
if [ -f $LOG/messages ]; then
        grep -i "^$yesterday.*login failure" $LOG/messages
        # messages.0* can match several files, so test with ls, not [ -f ]
        if ls $LOG/messages.0* > /dev/null 2>&1; then
                # $LOG/messages was already searched above
                zcat -f $LOG/messages.0* | grep -i \
			"^$yesterday.*login failure"
        fi
else
        echo "$LOG/messages does not exist!"
fi

# Show tcp_wrapper warning messages
#
separator
echo "${host} refused connections:"
if [ -f $LOG/messages ]; then
        grep -i "^$yesterday.*refused connect" $LOG/messages
        # messages.0* can match several files, so test with ls, not [ -f ]
        if ls $LOG/messages.0* > /dev/null 2>&1; then
                # $LOG/messages was already searched above
                zcat -f $LOG/messages.0* | grep -i \
			"^$yesterday.*refused connect"
        fi
else
        echo "$LOG/messages does not exist!"
fi

Again, I split the zcat line for this email.

I guess I should probably have done a PR on this, but I wasn't sure if
there was a good reason for the way things were set up that was escaping
me.
-- 
Jim C. Nasby (aka Decibel!)                                  /^\ 
jim@nasby.net                                               /___\
Freelance lighting designer and database developer         /  |  \
Member: Triangle Fraternity, Sports Car Club of America   /___|___\

Give your computer some brain candy! www.distributed.net Team #1828
Get paid to surf!! http://www.enteract.com/~nasby/alladvantage.html
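
The check discussed in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's /etc/security: it reads the current messages file and every rotated copy exactly once, whether size-based rotation has left zero, one or several of them. The names scan_logs and make_sample are hypothetical, the log lines are constructed, and the date prefix is passed in where the script uses $yesterday.

```shell
#!/bin/sh
# Added example, not FreeBSD's /etc/security. scan_logs and make_sample are
# hypothetical names; the log lines below are constructed.

# scan_logs DIR DAY PATTERN
# Print lines for DAY matching PATTERN from DIR/messages and every rotated
# copy. Each file is read exactly once, so no line is reported twice.
scan_logs() {
    dir=$1 day=$2 pat=$3
    if [ ! -f "$dir/messages" ]; then
        echo "$dir/messages does not exist!" >&2
        return 1
    fi
    # The glob may match zero, one or many files (size-based rotation), and
    # an unmatched glob stays literal, so test each name rather than the glob.
    for f in "$dir"/messages.[0-9]* "$dir/messages"; do
        [ -f "$f" ] || continue
        case $f in
            *.gz) gzip -dc "$f" ;;   # compressed rotated copy
            *)    cat "$f" ;;        # current file or uncompressed copy
        esac
    done | grep -i "^$day.*$pat" || true   # no match is not an error
}

# Build a constructed log directory: two rotated files plus the current one.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'Apr 18 23:50:01 host login: 1 LOGIN FAILURE ON ttyv0' \
        > "$d/messages.1"
    printf '%s\n' \
        'Apr 19 02:10:44 host login: 2 LOGIN FAILURES ON ttyv1' \
        > "$d/messages.0"
    gzip "$d/messages.0" "$d/messages.1"
    printf '%s\n' \
        'Apr 19 21:05:12 host login: 1 LOGIN FAILURE ON ttyv0' \
        'Apr 19 21:30:00 host sshd[312]: refused connect from 192.0.2.7' \
        'Apr 20 00:04:09 host login: 1 LOGIN FAILURE ON ttyv0' \
        > "$d/messages"
    echo "$d"
}

# Demo run, standing in for the two /etc/security sections.
logdir=$(make_sample)
echo "login failures:";      scan_logs "$logdir" "Apr 19" "login failure"
echo "refused connections:"; scan_logs "$logdir" "Apr 19" "refused connect"
rm -rf "$logdir"
```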