svn commit: r263662 - stable/9/etc/periodic/security

Christian Brueffer brueffer at FreeBSD.org
Sun Mar 23 13:03:47 UTC 2014


Author: brueffer
Date: Sun Mar 23 13:03:46 2014
New Revision: 263662
URL: http://svnweb.freebsd.org/changeset/base/263662

Log:
  MFC: r262273
  
  Further refine the auth fail regex to catch more auth failures and
  reduce false positives.
  
  The committed patch was provided by Christian Marg.
  
  PR:		91732
  Submitted by:	Daniel O'Connor <doconnor at gsoft.com.au>
      		Skye Poier <spoier at gmail.com>
      		Alan Amesbury <amesbury at umn.edu>
      		Christian Marg <marg at rz.tu-clausthal.de>

Modified:
  stable/9/etc/periodic/security/800.loginfail
Directory Properties:
  stable/9/etc/   (props changed)

Modified: stable/9/etc/periodic/security/800.loginfail
==============================================================================
--- stable/9/etc/periodic/security/800.loginfail	Sun Mar 23 12:58:48 2014	(r263661)
+++ stable/9/etc/periodic/security/800.loginfail	Sun Mar 23 13:03:46 2014	(r263662)
@@ -59,7 +59,7 @@ case "$daily_status_security_loginfail_e
     [Yy][Ee][Ss])
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+	n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0;;
     *)	rc=0;;


More information about the svn-src-stable-9 mailing list