conf/91732: [patch] 800.loginfail: fix log message grep expression
Alan Amesbury
amesbury at umn.edu
Fri Mar 19 20:20:04 UTC 2010
The following reply was made to PR conf/91732; it has been noted by GNATS.
From: Alan Amesbury <amesbury at umn.edu>
To: bug-followup at FreeBSD.org
Cc: doconnor at gsoft.com.au,
trashcan at odo.in-berlin.de
Subject: Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Date: Fri, 19 Mar 2010 14:58:02 -0500
Although it's been a few years since Daniel O'Connor submitted his bug
report, it looks like this problem hasn't yet been fixed. I've also run
into problems with the simplistic expression used by 'egrep' in
800.loginfail, and have come up with my own correction (patch attached)
to correct for it based on a minimal approach to change. In my case the
simplistic nature of the regexp is causing it to match hashes that are
also being placed in the logs that 800.loginfail examines. Thus it
matches on things like

  Mar 17 00:07:29 [REDACTED] [REDACTED][25063]: sha256: 9e0e0cb645a4cfabadc402fd7e6a38b297b04ac90fa3d4acdc14f027facbb5e7

because that hash happens to have the sequence "bad" in it.
PR conf/120263 seems related to this. What can I do to help get this
patched in -CURRENT and MFC'ed back to 8.0-RELEASE?
--
Alan Amesbury
OIT Security and Assurance
University of Minnesota
--- 800.loginfail.ORIG 2010-03-19 14:42:46.000000000 -0500
+++ 800.loginfail 2010-03-19 14:43:10.000000000 -0500
@@ -59,7 +59,7 @@
[Yy][Ee][Ss])
echo ""
echo "${host} login failures:"
- n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+ n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal) " |
tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0;;
*) rc=0;;
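Review bot: On the `+` line, the space added after `(fail|invalid|bad|illegal)` requires a literal space directly after the keyword, so inflected forms such as "failed" or "failure", and any keyword at the end of a line or followed by punctuation, stop being reported. That drops lines the old expression caught, not only the hash false positive. A hex string that happens to end in "bad" just before a space would also still match. Consider constraining the left edge of the keyword instead and leaving the right edge open, for example `: (.*[^[:alnum:]])?(fail|invalid|bad|illegal)`.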
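The false positive described in the message, compared across three expressions, as an added example that is not part of the original post or of FreeBSD's periodic scripts. The log lines, the hex digest, `sample_log`, `count_matches` and the `bounded_re` pattern are assumptions constructed for illustration; `day` stands in for `$yesterday`.

```shell
#!/bin/sh
# Constructed syslog sample: hosts, PIDs, addresses and the digest are made up.
# Lines 2-4 are real login-failure style messages; line 1 is a digest that
# merely contains "bad"; line 5 is unrelated; line 6 is from another day.
sample_log() {
cat <<'EOF'
Mar 17 00:07:29 host1 app[25063]: sha256: 3c7a1f0e9d4bad5562e8f0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f
Mar 17 01:12:03 host1 sshd[811]: Failed password for root from 192.0.2.10 port 51234 ssh2
Mar 17 02:30:44 host1 su[1203]: BAD SU alice to root on /dev/pts/0
Mar 17 03:05:10 host1 app[950]: authentication failure
Mar 17 04:00:00 host1 cron[1001]: (root) CMD (newsyslog)
Mar 16 23:59:59 host1 sshd[700]: Failed password for root from 192.0.2.10 port 50000 ssh2
EOF
}

day='Mar 17'                          # stands in for $yesterday
keywords='(fail|invalid|bad|illegal)'

# Expression before the patch: keyword may sit anywhere, even inside a hex run.
original_re="^$day.*: .*$keywords"
# Expression from the patch: keyword must be followed by a space.
patched_re="^$day.*: .*$keywords "
# Assumed alternative: keyword must start the message or follow a
# non-alphanumeric character; its right edge is left open ("failed", "failure").
bounded_re="^$day.*: (.*[^[:alnum:]])?$keywords"

# Print how many sample lines an extended regexp selects (same grep flags
# as the script: case-insensitive, treat input as text).
count_matches() {
    sample_log | grep -Eia -- "$1" | wc -l | tr -d ' '
}

echo "original: $(count_matches "$original_re") lines (3 real + 1 digest)"
echo "patched:  $(count_matches "$patched_re") lines (misses Failed/failure)"
echo "bounded:  $(count_matches "$bounded_re") lines (3 real, digest skipped)"
```
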