conf/91732: [patch] 800.loginfail: fix log message grep expression

Alan Amesbury amesbury at
Fri Mar 19 20:20:04 UTC 2010

The following reply was made to PR conf/91732; it has been noted by GNATS.

From: Alan Amesbury <amesbury at>
To: bug-followup at
Cc: doconnor at,
    trashcan at
Subject: Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Date: Fri, 19 Mar 2010 14:58:02 -0500

 This is a multi-part message in MIME format.
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 Although it's been a few years since Daniel O'Connor submitted his bug 
 report, it looks like this problem hasn't yet been fixed.  I've also run 
 into problems with the simplistic expression used by 'egrep' in 
 800.loginfail, and have come up with my own correction (patch attached) 
 to correct for it based on a minimal approach to change.  In my case the 
 simplistic nature of the regexp is causing it to match hashes that are 
 also being placed in the logs that 800.loginfail examines.  Thus it 
 matches on things like
 Mar 17 00:07:29 [REDACTED] [REDACTED][25063]:        sha256: 
 because that hash happens to have the sequence "bad" in it.
 PR conf/120263 seems related to this.  What can I do to help get this 
 patched in -CURRENT and MFC'ed back to 8.0-RELEASE?
 Alan Amesbury
 OIT Security and Assurance
 University of Minnesota
 Content-Type: text/plain;
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
 --- 800.loginfail.ORIG	2010-03-19 14:42:46.000000000 -0500
 +++ 800.loginfail	2010-03-19 14:43:10.000000000 -0500
 @@ -59,7 +59,7 @@
  	echo ""
  	echo "${host} login failures:"
 -	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
 +	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal) " |
  	    tee /dev/stderr | wc -l)
  	[ $n -gt 0 ] && rc=1 || rc=0;;
      *)	rc=0;;

More information about the freebsd-bugs mailing list