Date:      Mon, 01 Feb 2021 17:27:12 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 253168] Daily 800.loginfail fails to process at end/start of logfile turnover period if old logfiles not appended with .gz or .bz2
Message-ID:  <bug-253168-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253168

            Bug ID: 253168
           Summary: Daily 800.loginfail fails to process at end/start of
                    logfile turnover period if old logfiles not appended
                    with .gz or .bz2
           Product: Base System
           Version: 12.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: jamie.baxter@tutanota.com

When processing periodic daily security scripts and 800.loginfail is enabled,
the script fails to report any login failures when:
1. It is the first day of a new logfile (so the previous day is turned over by
newsyslog).
2. The turned over logfile does NOT end in .gz or .bz2

This occurs within the catmsgs() function in 800.loginfail, specifically:
---
case $f in
  *.gz)       zcat -f $f;;
  *.bz2)      bzcat -f $f;;
esac
---

I understand that the default newsyslog.conf turns over auth.log with bzip2
(flag J), however I do not compress turned over text logfiles (am running root
on ZFS and taking advantage of dataset-level compression at /var/log), and as
such they get renamed auth.log.X instead of auth.log.X.bz2. While this is
probably an overly simplistic solution, the following modification allows
800.loginfail to function properly on {gz,bz2}-lacking files if they are not
compressed:
---
case $f in
  *.gz)       zcat -f $f;;
  *.bz2)      bzcat -f $f;;
  *)          cat $f;;
esac
---
I understand I may be an edge case here, but thought I would bring it to the
attention of the developers. I presume it also extends to weekly or monthly
scheduling of 800.loginfail for any turned over logfiles that fail to have
{gz,bz2} appended to the filenames. Similarly, I also expect that it
extends across most recent versions of FreeBSD (at least 8 through CURRENT) as
it appears 800.loginfail has not been updated in almost 7 years.

-- 
You are receiving this mail because:
You are the assignee for the bug.
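
Added example (not part of the original report and not the code of 800.loginfail): a reproduction of the dispatch described above on constructed log files, showing the quoted case statement emitting nothing for an uncompressed auth.log.0 while the fallback branch reads it. The function names, the directory layout and the log lines are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: simplified stand-ins for catmsgs(); function names and
# log contents are constructed, not taken from 800.loginfail.

# Dispatch as quoted in the report: rotated files without .gz/.bz2 are skipped.
catmsgs_original() {
    for f in "$1"/auth.log.*; do
        [ -f "$f" ] || continue
        case $f in
            *.gz)  zcat -f "$f";;
            *.bz2) bzcat -f "$f";;
        esac
    done
    if [ -f "$1/auth.log" ]; then cat "$1/auth.log"; fi
}

# Same dispatch with the reporter's fallback branch for uncompressed files.
catmsgs_patched() {
    for f in "$1"/auth.log.*; do
        [ -f "$f" ] || continue
        case $f in
            *.gz)  zcat -f "$f";;
            *.bz2) bzcat -f "$f";;
            *)     cat "$f";;
        esac
    done
    if [ -f "$1/auth.log" ]; then cat "$1/auth.log"; fi
}

# Build the state right after turnover with compression disabled:
# yesterday's failures sit in auth.log.0, auth.log is freshly created.
make_sample_logs() {
    cat > "$1/auth.log.0" <<'EOF'
Jan 31 23:10:02 host sshd[811]: Failed password for root from 192.0.2.10 port 50022 ssh2
Jan 31 23:10:09 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 50031 ssh2
EOF
    echo 'Feb  1 00:00:00 host newsyslog[902]: logfile turned over' > "$1/auth.log"
}

# Count failed-login lines produced by a variant ($1) over a log directory ($2).
count_failures() {
    "$1" "$2" | grep -c 'Failed password' || true
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
echo "original: $(count_failures catmsgs_original "$demo_dir") failure line(s)"
echo "patched:  $(count_failures catmsgs_patched "$demo_dir") failure line(s)"
rm -rf "$demo_dir"
```

A zero count from the original dispatch on a host that had failed logins the previous day is the symptom to look for when rotated logs are stored uncompressed.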
