conf/125041: [patch] New file: /etc/periodic/security/810.loginok

Alexander Kubrack <a at tim.ua>
Fri Jun 27 09:20:06 UTC 2008


>Number:         125041
>Category:       conf
>Synopsis:       [patch] New file: /etc/periodic/security/810.loginok
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 27 09:20:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Kubrack <a at tim.ua>
>Release:        FreeBSD 7.0-STABLE
>Organization:
>Environment:
FreeBSD aw 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 10 15:38:31 EEST 2008     root at aw:/usr/obj/usr/src/sys/AW  i386

>Description:
For hosts with a high security level that do not have very many users, such as routers, DB servers, etc., it makes sense to check successful logins daily, as login failures are now checked by /etc/periodic/security/800.loginfail.
I suggest creating a periodic script /etc/periodic/security/810.loginok (attached) and a new variable daily_status_security_loginok_enable in periodic.conf.
>How-To-Repeat:

>Fix:
Save the attached script as /etc/periodic/security/810.loginok
and add this line to /etc/periodic.conf:
daily_status_security_loginok_enable="YES"

Suggested default entry for /etc/defaults/periodic.conf:
# 810.loginok
daily_status_security_loginok_enable="NO"


Patch attached with submission follows:

#!/bin/sh -
#

#
# Show succesful logins
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

LOG="${daily_status_security_logdir}"

yesterday=`date -v-1d "+%b %e "`

catmsgs() {
	find ${LOG} -name 'auth.log.*' -mtime -2 |
	    sort -t. -r -n -k 2,2 |
	    while read f
	    do
		case $f in
		    *.gz)	zcat -f $f;;
		    *.bz2)	bzcat -f $f;;
		esac
	    done
	[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
}

case "$daily_status_security_loginok_enable" in
    [Yy][Ee][Ss])
        echo ""
        echo "${host} succesful logins:"
        n=$(catmsgs | grep -ia "^$yesterday.*[Aa]ccept" |
            tee /dev/stderr | wc -l)
        [ $n -gt 0 ] && rc=1 || rc=0;;
    *)  rc=0;;
esac

exit $rc
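
Review bot: the match in the `[Yy][Ee][Ss])` branch, `grep -ia "^$yesterday.*[Aa]ccept"`, is broader than "successful logins": with `-i` the `[Aa]` class is redundant, and any line from yesterday that contains "accept" anywhere is counted and reported, so the pattern should be tied to the specific success messages the script is meant to cover, with the intended log sources named in the header comment. In `catmsgs`, the `case $f in` has only `*.gz` and `*.bz2` arms, so a rotated `auth.log.*` file that is not compressed is matched by `find` and then silently skipped; a default arm that cats the file would close that gap, and `$f` and `${LOG}` should be quoted. `LOG` is taken from `daily_status_security_logdir` with no check that it is set, and both the header comment and the report line spell "succesful".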


>Release-Note:
>Audit-Trail:
>Unformatted:

