Date: Fri, 19 Mar 2010 20:20:03 GMT
From: Alan Amesbury <amesbury@umn.edu>
To: freebsd-bugs@FreeBSD.org
Subject: Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Message-ID: <201003192020.o2JKK3oN062260@freefall.freebsd.org>
The following reply was made to PR conf/91732; it has been noted by GNATS.

From: Alan Amesbury <amesbury@umn.edu>
To: bug-followup@FreeBSD.org
Cc: doconnor@gsoft.com.au, trashcan@odo.in-berlin.de
Subject: Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Date: Fri, 19 Mar 2010 14:58:02 -0500

Although it's been a few years since Daniel O'Connor submitted his bug report, it looks like this problem hasn't yet been fixed. I've also run into problems with the simplistic expression used by 'egrep' in 800.loginfail, and have come up with my own correction (patch attached) to correct for it based on a minimal approach to change.

In my case the simplistic nature of the regexp is causing it to match hashes that are also being placed in the logs that 800.loginfail examines. Thus it matches on things like

Mar 17 00:07:29 [REDACTED] [REDACTED][25063]: sha256: 9e0e0cb645a4cfabadc402fd7e6a38b297b04ac90fa3d4acdc14f027facbb5e7

because that hash happens to have the sequence "bad" in it. PR conf/120263 seems related to this.

What can I do to help get this patched in -CURRENT and MFC'ed back to 8.0-RELEASE?

--
Alan Amesbury
OIT Security and Assurance
University of Minnesota

--- 800.loginfail.ORIG 2010-03-19 14:42:46.000000000 -0500 +++ 800.loginfail 2010-03-19 14:43:10.000000000 -0500 
@@ -59,7 +59,7 @@ [Yy][Ee][Ss]) echo "" echo "${host} login failures:" - n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | + n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal) " | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0;; *) rc=0;; --------------070601020601060300050303--
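Review bot: on the `+` line, requiring a literal space directly after `(fail|invalid|bad|illegal)` also drops every line where the keyword carries a suffix or ends the line ("failed", "failure", or "fail" as the last word no longer match), so the report can silently lose real login failures. It also leaves the left side unbounded, so any token that merely ends in one of the keywords and is followed by a space still matches. Consider bounding the keyword on both sides instead, for example a non-alphanumeric character before the group and `([^[:alnum:]]|$)` after it, with the suffixed forms listed explicitly such as `fail(ed|ure|ures)?`, and add a comment in the script stating which log lines the expression is meant to catch.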