conf/91732: [patch] 800.loginfail: fix log message grep expression

Alan Amesbury amesbury at umn.edu
Fri Mar 19 20:20:04 UTC 2010 

The following reply was made to PR conf/91732; it has been noted by GNATS.

From: Alan Amesbury <amesbury at umn.edu>
To: bug-followup at FreeBSD.org
Cc: doconnor at gsoft.com.au,
    trashcan at odo.in-berlin.de
Subject: Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Date: Fri, 19 Mar 2010 14:58:02 -0500

 This is a multi-part message in MIME format.
 --------------070601020601060300050303
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Although it's been a few years since Daniel O'Connor submitted his bug 
 report, it looks like this problem hasn't yet been fixed.  I've also run 
 into problems with the simplistic expression used by 'egrep' in 
 800.loginfail, and have come up with my own correction (patch attached) 
 to correct for it based on a minimal approach to change.  In my case the 
 simplistic nature of the regexp is causing it to match hashes that are 
 also being placed in the logs that 800.loginfail examines.  Thus it 
 matches on things like
 
 Mar 17 00:07:29 [REDACTED] [REDACTED][25063]:        sha256: 
 9e0e0cb645a4cfabadc402fd7e6a38b297b04ac90fa3d4acdc14f027facbb5e7
 
 
 because that hash happens to have the sequence "bad" in it.
 
 PR conf/120263 seems related to this.  What can I do to help get this 
 patched in -CURRENT and MFC'ed back to 8.0-RELEASE?
 
 
 -- 
 Alan Amesbury
 OIT Security and Assurance
 University of Minnesota
 
 --------------070601020601060300050303
 Content-Type: text/plain;
  name="patch_for_800.loginfail"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="patch_for_800.loginfail"
 
 --- 800.loginfail.ORIG	2010-03-19 14:42:46.000000000 -0500
 +++ 800.loginfail	2010-03-19 14:43:10.000000000 -0500
 @@ -59,7 +59,7 @@
      [Yy][Ee][Ss])
  	echo ""
  	echo "${host} login failures:"
 -	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
 +	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal) " |
  	    tee /dev/stderr | wc -l)
  	[ $n -gt 0 ] && rc=1 || rc=0;;
      *)	rc=0;;
 
 --------------070601020601060300050303--

More information about the freebsd-bugs mailing list