bin/91732:
Daniel O'Connor
doconnor at gsoft.com.au
Thu Jan 12 16:50:12 PST 2006
>Number: 91732
>Category: bin
>Synopsis:
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 13 00:50:10 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Daniel O'Connor
>Release: FreeBSD 6.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD cain.gsoft.com.au 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2 19:07:38 UTC 2005 root at rat.samsco.home:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
/etc/periodic/security/800.loginfail uses a simplistic grep expression to find relevant log messages.
Unfortunately it misses some things that it shouldn't and shows others that are superfluous.
eg. sasl-auth login failures don't show up, but sshd warnings about non-matching forward/reverse
lookups are.
>How-To-Repeat:
>Fix:
--- /etc/periodic/security/800.loginfail.orig Thu Nov 3 04:23:36 2005
+++ /etc/periodic/security/800.loginfail Wed Jan 11 14:05:34 2006
@@ -59,7 +59,10 @@
[Yy][Ee][Ss])
echo ""
echo "${host} login failures:"
- n=$(catmsgs | grep -ia "^$yesterday.*fail" |
+ n=$(catmsgs | grep -ia "^$yesterday.*" |
+ grep -v 'Accepted' | grep -v 'logfile turned over' |
+ grep -v 'subsystem request for' |
+ grep -v 'reverse mapping checking getaddrinfo for' |
tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0;;
*) rc=0;;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list