Date:      Fri, 27 Jun 2008 09:16:24 GMT
From:      "Alexander Kubrack <a@tim.ua>" <a@tim.ua>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   conf/125041: [patch] New file: /etc/periodic/security/810.loginok
Message-ID:  <200806270916.m5R9GOD0045489@www.freebsd.org>
Resent-Message-ID: <200806270920.m5R9K5nX012355@freefall.freebsd.org>



>Number:         125041
>Category:       conf
>Synopsis:       [patch] New file: /etc/periodic/security/810.loginok
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 27 09:20:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Kubrack <a@tim.ua>
>Release:        FreeBSD 7.0-STABLE
>Organization:
>Environment:
FreeBSD aw 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 10 15:38:31 EEST 2008     root@aw:/usr/obj/usr/src/sys/AW  i386

>Description:
For hosts with a high security level that do not have very many users, such as routers, DB servers, etc., it makes sense to check successful logins daily, just as login failures are checked now by /etc/periodic/security/800.loginfail.
I suggest creating a periodic script /etc/periodic/security/810.loginok (attached) and a new variable daily_status_security_loginok_enable in periodic.conf.
>How-To-Repeat:

>Fix:
Save the attached script as /etc/periodic/security/810.loginok
and add this line to /etc/periodic.conf:
daily_status_security_loginok_enable="YES"

Suggested default entry for /etc/defaults/periodic.conf:
# 810.loginok
daily_status_security_loginok_enable="NO"


Patch attached with submission follows:

#!/bin/sh -
#

#
# Show succesful logins
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

LOG="${daily_status_security_logdir}"

yesterday=`date -v-1d "+%b %e "`

catmsgs() {
	find ${LOG} -name 'auth.log.*' -mtime -2 |
	    sort -t. -r -n -k 2,2 |
	    while read f
	    do
		case $f in
		    *.gz)	zcat -f $f;;
		    *.bz2)	bzcat -f $f;;
		esac
	    done
	[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
}

case "$daily_status_security_loginok_enable" in
    [Yy][Ee][Ss])
        echo ""
        echo "${host} succesful logins:"
        n=$(catmsgs | grep -ia "^$yesterday.*[Aa]ccept" |
            tee /dev/stderr | wc -l)
        [ $n -gt 0 ] && rc=1 || rc=0;;
    *)  rc=0;;
esac

exit $rc
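
Review bot: the grep pattern "^$yesterday.*[Aa]ccept" in the enabled branch matches any auth.log line from yesterday that contains "accept" anywhere, not only login records, and with -i already given the [Aa] class is redundant. Anchoring on the exact message the login daemon writes for a successful login (for sshd, a line containing "Accepted " followed by the method and user) would keep unrelated lines out of the report. In catmsgs the case statement has only *.gz and *.bz2 arms, so a rotated auth.log.N that is not compressed is returned by find but never printed; a default arm such as "*) cat $f;;" would cover it. $f and ${LOG} are expanded unquoted, which breaks if daily_status_security_logdir contains whitespace. "succesful" is misspelled in the header comment and in the echo string that ends up in the daily report.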


>Release-Note:
>Audit-Trail:
>Unformatted:

