From owner-freebsd-security Wed Jun 20 14:23:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207]) by hub.freebsd.org (Postfix) with ESMTP id 5778637B401 for ; Wed, 20 Jun 2001 14:23:25 -0700 (PDT) (envelope-from zingelman@fnal.gov) Received: from localhost (tez@localhost) by nova.fnal.gov (8.9.3+Sun/8.9.3) with ESMTP id QAA12693 for ; Wed, 20 Jun 2001 16:23:21 -0500 (CDT) X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs Date: Wed, 20 Jun 2001 16:23:21 -0500 (CDT) From: Tim Zingelman X-Sender: To: Subject: grep in /etc/security Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On several of our 4.3-RELEASE machines, we have been getting the following in the security check output: x.y.z login failures: Binary file (standard input) matches I tracked this down to the output from this: catmsgs() { find $LOG -name 'messages.*' -mtime -2 | sort -t. -r -n +1 -2 | xargs zcat -f [ -f $LOG/messages ] && cat $LOG/messages } inside /etc/security, sometimes having embedded nulls. so later this: n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) returns "Binary file (standard input) matches" instead of the matches. Adding -a to the grep, returns the expected matches. Has anyone else seen this? Should I submit a PR, or is there a good reason not to use 'grep -ai' here? - Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message