conf/125041: [patch] New file: /etc/periodic/security/810.loginok
Alexander Kubrack <a at tim.ua>
Fri Jun 27 09:20:06 UTC 2008
>Number: 125041
>Category: conf
>Synopsis: [patch] New file: /etc/periodic/security/810.loginok
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 27 09:20:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Alexander Kubrack <a at tim.ua>
>Release: FreeBSD 7.0-STABLE
>Organization:
>Environment:
FreeBSD aw 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 10 15:38:31 EEST 2008 root at aw:/usr/obj/usr/src/sys/AW i386
>Description:
For hosts with a high security level that do not have very many users, such as routers, DB servers, etc., it makes sense to check successful logins daily, just as login failures are checked now by /etc/periodic/security/800.loginfail.
I suggest creating a periodic script /etc/periodic/security/810.loginok (attached) and a new variable daily_status_security_loginok_enable in periodic.conf.
>How-To-Repeat:
>Fix:
Save the attached script as /etc/periodic/security/810.loginok
and add this line to /etc/periodic.conf:
daily_status_security_loginok_enable="YES"
Suggested default entry for /etc/defaults/periodic.conf:
# 810.loginok
daily_status_security_loginok_enable="NO"
Patch attached with submission follows:
#!/bin/sh -
#
#
# Show succesful logins
#
# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
LOG="${daily_status_security_logdir}"
yesterday=`date -v-1d "+%b %e "`
catmsgs() {
find ${LOG} -name 'auth.log.*' -mtime -2 |
sort -t. -r -n -k 2,2 |
while read f
do
case $f in
*.gz) zcat -f $f;;
*.bz2) bzcat -f $f;;
esac
done
[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
}
case "$daily_status_security_loginok_enable" in
[Yy][Ee][Ss])
echo ""
echo "${host} succesful logins:"
n=$(catmsgs | grep -ia "^$yesterday.*[Aa]ccept" |
tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0;;
*) rc=0;;
esac
exit $rc
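Review bot: The match in `grep -ia "^$yesterday.*[Aa]ccept"` is too loose for a report of successful logins: with `-i` and no anchor on the logging program, any auth.log line from yesterday that contains "accept" anywhere is counted, including a failed attempt whose user name or host name happens to contain that string. Consider dropping `-i` (it also makes `[Aa]` redundant) and matching the message the daemon actually writes, for instance sshd's `Accepted ` prefix after the `sshd[pid]:` tag, so the count reflects real logins. In `catmsgs`, the `case` only handles `*.gz` and `*.bz2`, so an uncompressed rotated file returned by `find` (such as `auth.log.0`) is silently skipped; a default branch that `cat`s the file would cover it. `$f` and `${LOG}` should be quoted, and "succesful" in the header comment and in the `echo` line should read "successful".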
>Release-Note:
>Audit-Trail:
>Unformatted: