From owner-freebsd-bugs@FreeBSD.ORG Fri Jan 5 08:50:17 2007
Message-Id: <20070105081731.9B6E474CC04@badtrans.pil.dk>
Date: Fri, 5 Jan 2007 09:17:31 +0100 (CET)
From: Christian Laursen
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: conf/107560: Change matching expression in periodic/security/800.loginfail
Reply-To: Christian Laursen

>Number: 107560
>Category: conf
>Synopsis: Change matching expression in periodic/security/800.loginfail
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 05 08:50:16 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Christian Laursen
>Release: FreeBSD 6.2-RC1 amd64
>Organization: pil.dk
>Environment:
System: FreeBSD badtrans.pil.dk 6.2-RC1 FreeBSD 6.2-RC1 #5: Mon Dec 4 13:20:23 CET 2006 root@fahrenheit.pil.dk:/usr/obj/usr/dana/src/freebsd6/src/sys/X2100 amd64
>Description:
The current regular expression used to match login failures matches everything if the hostname happens to include one of the words that it looks for. The attached small patch ensures that matching for those keywords is not done on the hostname part of the log lines.
>How-To-Repeat:
>Fix:
--- 800.loginfail.diff begins here --- --- 800.loginfail.orig Fri Jan 5 08:56:12 2007 +++ 800.loginfail Fri Jan 5 09:10:26 2007 @@ -59,7 +59,7 @@ [Yy][Ee][Ss]) echo "" echo "${host} login failures:" - n=$(catmsgs | egrep -ia "^$yesterday.*(fail|invalid|bad|illegal)" | + n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0;; *) rc=0;; --- 800.loginfail.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
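Review bot: the `.*: ` added on the `+` egrep line requires a colon followed by a space somewhere before the keyword, so a log line whose message carries no such separator is silently dropped from the report even when it contains fail, invalid, bad or illegal. That trades the false positives described in the report for possible false negatives in a security check. If the intent is only to keep the hostname out of the match, consider skipping that one field explicitly after the timestamp (for example with `[^ ]+ ` in place of `.*: `, assuming the hostname is a single space-delimited field following the time) and add a sample log line under How-To-Repeat so the expected matches can be checked.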
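The behaviour described in the report, as an added example that is not part of the original message or of the FreeBSD script: it runs the old and the patched expression over constructed log lines. The hostname, the log lines and the value of `yesterday` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Assumed date prefix; the real script computes its own value for $yesterday.
yesterday="Jan 14"

# Constructed sample log (not from the report). The hostname "badtrans"
# contains the keyword "bad", which is the situation the report describes.
sample_log() {
cat <<'EOF'
Jan 14 03:12:01 badtrans sshd[4121]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan 14 03:15:44 badtrans sshd[4130]: Accepted publickey for cl from 192.0.2.20 port 5011 ssh2
Jan 14 04:00:00 badtrans cron[4200]: (root) CMD (newsyslog)
Jan 14 05:30:09 badtrans sshd[4301]: Invalid user test from 192.0.2.10
Jan 14 06:10:00 badtrans login failure on ttyv0
Jan 13 23:59:59 badtrans sshd[4000]: Failed password for root from 192.0.2.10 port 4001 ssh2
EOF
}

# Expression before the patch: keywords may match anywhere after the date,
# including inside the hostname. (grep -E is equivalent to egrep.)
count_old() {
    sample_log | grep -Eiac "^$yesterday.*(fail|invalid|bad|illegal)"
}

# Expression after the patch: keywords only count after a ": " separator.
count_new() {
    sample_log | grep -Eiac "^$yesterday.*: .*(fail|invalid|bad|illegal)"
}

# Lines the old expression reports and the patched one does not:
# the hostname-only matches plus any keyword line that lacks ": ".
dropped_by_patch() {
    sample_log | grep -Eia "^$yesterday.*(fail|invalid|bad|illegal)" |
        grep -Eiav "^$yesterday.*: .*(fail|invalid|bad|illegal)"
}

echo "old expression:     $(count_old) lines"
echo "patched expression: $(count_new) lines"
echo "no longer reported:"
dropped_by_patch
```

The fifth constructed line has no colon-space before its keyword, so the patched expression skips it along with the two hostname-only matches.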