Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 19 Mar 2010 20:20:03 GMT
From:      Alan Amesbury <amesbury@umn.edu>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Message-ID:  <201003192020.o2JKK3oN062260@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR conf/91732; it has been noted by GNATS.

From: Alan Amesbury <amesbury@umn.edu>
To: bug-followup@FreeBSD.org
Cc: doconnor@gsoft.com.au,
    trashcan@odo.in-berlin.de
Subject: Re: conf/91732: [patch] 800.loginfail: fix log message grep expression
Date: Fri, 19 Mar 2010 14:58:02 -0500

 This is a multi-part message in MIME format.
 --------------070601020601060300050303
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Although it's been a few years since Daniel O'Connor submitted his bug 
 report, it looks like this problem hasn't yet been fixed.  I've also run 
 into problems with the simplistic expression used by 'egrep' in 
 800.loginfail, and have come up with my own correction (patch attached) 
 to correct for it based on a minimal approach to change.  In my case the 
 simplistic nature of the regexp is causing it to match hashes that are 
 also being placed in the logs that 800.loginfail examines.  Thus it 
 matches on things like
 
 Mar 17 00:07:29 [REDACTED] [REDACTED][25063]:        sha256: 
 9e0e0cb645a4cfabadc402fd7e6a38b297b04ac90fa3d4acdc14f027facbb5e7
 
 
 because that hash happens to have the sequence "bad" in it.
 
 PR conf/120263 seems related to this.  What can I do to help get this 
 patched in -CURRENT and MFC'ed back to 8.0-RELEASE?
 
 
 -- 
 Alan Amesbury
 OIT Security and Assurance
 University of Minnesota
 
 --------------070601020601060300050303
 Content-Type: text/plain;
  name="patch_for_800.loginfail"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="patch_for_800.loginfail"
 
 --- 800.loginfail.ORIG	2010-03-19 14:42:46.000000000 -0500
 +++ 800.loginfail	2010-03-19 14:43:10.000000000 -0500
 @@ -59,7 +59,7 @@
      [Yy][Ee][Ss])
  	echo ""
  	echo "${host} login failures:"
 -	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
 +	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal) " |
  	    tee /dev/stderr | wc -l)
  	[ $n -gt 0 ] && rc=1 || rc=0;;
      *)	rc=0;;
 
 --------------070601020601060300050303--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003192020.o2JKK3oN062260>