misc/66726: /etc/periodic/security/ 800.loginfail script reports
failed logins from previous year
Mark Steven Baker
msbaker at cs.uoregon.edu
Sun May 16 23:00:42 PDT 2004
>Synopsis: /etc/periodic/security/ 800.loginfail script reports failed logins from previous year
>Arrival-Date: Sun May 16 23:00:39 PDT 2004
>Originator: Mark Steven Baker
>Release: 4.8 Release
FreeBSD xxxxx 4.8-RELEASE FreeBSD 4.8-RELEASE
The 800.loginfail script in /etc/periodic/security that normally runs
via cron every night is supposed to report login failures from /var/log/auth.log for the previous day and email this to root as part of the daily security report.
If a single auth.log file exists on a system with a year of syslog data, the current script will report failed login errors from the previous date one year earlier as well.
Edit the /var/log/auth.log file, creating some bogus login failures for one year earlier than the previous day. Then manually run the
/etc/periodic/security/800.loginfail script and see that these year-old login failures are reported.
I had some trouble understanding the catmsg function in 800.loginfail, so I can't suggest a fix.
More information about the freebsd-bugs