conf/107560: Change matching expression in periodic/security/800.loginfail

Christian Laursen cfsl at pil.dk
Fri Jan 5 00:50:17 PST 2007


>Number:         107560
>Category:       conf
>Synopsis:       Change matching expression in periodic/security/800.loginfail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 05 08:50:16 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Christian Laursen
>Release:        FreeBSD 6.2-RC1 amd64
>Organization:
pil.dk 
>Environment:
System: FreeBSD badtrans.pil.dk 6.2-RC1 FreeBSD 6.2-RC1 #5: Mon Dec 4 13:20:23 CET 2006 root at fahrenheit.pil.dk:/usr/obj/usr/dana/src/freebsd6/src/sys/X2100 amd64


	
>Description:
The current regular expression used to match login failures matches everything
if the hostname happens to include one of the words that it looks for.

The attached small patch ensures that matching for those keywords is not done
on the hostname part of the log lines.

	
>How-To-Repeat:
	
>Fix:

	

--- 800.loginfail.diff begins here ---
--- 800.loginfail.orig	Fri Jan  5 08:56:12 2007
+++ 800.loginfail	Fri Jan  5 09:10:26 2007
@@ -59,7 +59,7 @@
     [Yy][Ee][Ss])
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | egrep -ia "^$yesterday.*(fail|invalid|bad|illegal)" |
+	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0;;
     *)	rc=0;;
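Review bot: In the changed egrep line, the added ".*: " is not tied to the syslog header, so the hostname is skipped only because the first ": " normally comes after the program tag. Two consequences follow. Lines that contain no ": " at all are no longer reported even when they carry one of the keywords, and a hostname containing "bad" or "fail" still matches when it appears in the message text after the tag. Consider matching the header fields explicitly (the date, the time, one non-space hostname token, then the tag) before the keyword group. How-To-Repeat is also empty; a sample log line showing the false positive would let the change be checked.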
--- 800.loginfail.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
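
The effect described under Description, as an added example that is not part of the original report or of the FreeBSD script. The log lines and the value of $yesterday are constructed, the host name "badtrans" is borrowed from the Environment field, and "grep -E" stands in for "egrep".

```shell
#!/bin/sh
# Added illustration: compare the old and the patched expression from
# 800.loginfail on constructed syslog lines whose host name contains "bad".

# Assumption: stand-in for the script's $yesterday value.
yesterday="Jan  4"

# Constructed sample log (not real data).
sample_log() {
    cat <<'EOF'
Jan  4 03:01:00 badtrans sshd[411]: Failed password for root from 192.0.2.7 port 4022 ssh2
Jan  4 03:02:10 badtrans sshd[412]: Accepted publickey for alice from 192.0.2.9 port 5121 ssh2
Jan  4 03:03:00 badtrans mountd[220]: mount request succeeded from badtrans.pil.dk for /usr/home
Jan  4 03:05:00 badtrans ntpd[300]: time reset +0.412 s
Jan  4 03:09:30 badtrans login: 2 LOGIN FAILURES ON ttyv0
Jan  4 03:11:00 badtrans last message repeated 2 times
Jan  3 23:59:59 badtrans sshd[409]: Failed password for root from 192.0.2.7 port 4021 ssh2
EOF
}

# $1 = extended regular expression; prints how many sample lines it matches,
# counted the same way the periodic script does (wc -l).
count_matches() {
    sample_log | grep -E -ia "$1" | wc -l | tr -d ' '
}

# Expression before the patch: "bad" in the host name matches every line
# dated $yesterday.
old_count() {
    count_matches "^$yesterday.*(fail|invalid|bad|illegal)"
}

# Expression after the patch: a keyword only counts after some ": ".
new_count() {
    count_matches "^$yesterday.*: .*(fail|invalid|bad|illegal)"
}

echo "old expression: $(old_count) lines reported"
echo "new expression: $(new_count) lines reported"
```

With the patched expression the two real failures are still reported, but so is the mountd line, because the host name appears again in the message text.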

