Date:      Mon, 01 Feb 2021 17:27:12 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 253168] Daily 800.loginfail fails to process at end/start of logfile turnover period if old logfiles not appended with .gz or .bz2
Message-ID:  <bug-253168-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253168

            Bug ID: 253168
           Summary: Daily 800.loginfail fails to process at end/start of
                    logfile turnover period if old logfiles not appended
                    with .gz or .bz2
           Product: Base System
           Version: 12.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: jamie.baxter@tutanota.com

When processing periodic daily security scripts and 800.loginfail is enabled,
the script fails to report any login failures when:
1. It is the first day of a new logfile (so the previous day is turned over by
newsyslog).
2. The turned over logfile does NOT end in .gz or .bz2

This occurs within the catmsgs() function in 800.loginfail, specifically:
---
case $f in
  *.gz)       zcat -f $f;;
  *.bz2)      bzcat -f $f;;
esac
---

I understand that the default newsyslog.conf turns over auth.log with bzip2
(flag J), however I do not compress turned over text logfiles (am running root
on ZFS and taking advantage of dataset-level compression at /var/log), and as
such they get renamed auth.log.X instead of auth.log.X.bz2. While this is
probably an overly simplistic solution, the following modification allows
800.loginfail to function properly on {gz,bz2}-lacking files if they are not
compressed:
---
case $f in
  *.gz)       zcat -f $f;;
  *.bz2)      bzcat -f $f;;
  *)          cat $f;;
esac
---
I understand I may be an edge case here, but thought I would bring it to the
attention of the developers. I presume it also extends to weekly or monthly
scheduling of 800.loginfail for any turned over logfiles that fail to have
{gz,bz2} appended to the filenames. Similarly, I also expect that it also
extends across most recent versions of FreeBSD (at least 8 through CURRENT) as
it appears 800.loginfail has not been updated in almost 7 years.

-- 
You are receiving this mail because:
You are the assignee for the bug.
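
Added example, not part of the original report and not FreeBSD's own code: a simplified model of the `catmsgs()` case statement that shows failed logins disappearing from the daily report when the rotated `auth.log.0` is uncompressed, and a check that lists the rotated files the original pattern ignores. The file loop, the helper names (`count_failures`, `skipped_logs`, `make_sample`) and the log lines are constructed assumptions; only the `case` branches come from the report.

```shell
# Added example: simplified model of catmsgs() from 800.loginfail.
# The file loop, helper names and log lines are constructed for illustration.
# catmsgs DIR MODE: MODE=orig is the reported case statement, fixed adds *).
catmsgs() {
    for f in "$1"/auth.log.*; do
        [ -f "$f" ] || continue
        case $f in
            *.gz)  zcat -f "$f";;
            *.bz2) bzcat -f "$f";;
            *)     if [ "$2" = fixed ]; then cat "$f"; fi;;
        esac
    done
    if [ -f "$1/auth.log" ]; then cat "$1/auth.log"; fi
}

# count_failures DIR MODE DAY: failed logins on DAY as seen through catmsgs.
count_failures() { catmsgs "$1" "$2" | grep -c "^$3 .*Failed password" || true; }

# skipped_logs DIR: rotated files the original case statement silently ignores.
skipped_logs() {
    for f in "$1"/auth.log.*; do
        [ -f "$f" ] || continue
        case $f in *.gz|*.bz2) ;; *) echo "${f##*/}";; esac
    done
}

# make_sample: constructed log directory as left by an uncompressed rotation
# (no J or Z flag in newsyslog.conf); prints the directory path.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/auth.log.0" <<'EOF'
Jan 31 09:14:02 host sshd[811]: Failed password for root from 192.0.2.10 port 50122 ssh2
Jan 31 09:14:09 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 50122 ssh2
Jan 31 23:58:40 host sshd[954]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
EOF
    echo "Feb  1 00:00:00 host newsyslog[1001]: logfile turned over" > "$d/auth.log"
    echo "$d"
}

d=$(make_sample)
echo "failures seen, original case: $(count_failures "$d" orig "Jan 31")"
echo "failures seen, with *) branch: $(count_failures "$d" fixed "Jan 31")"
echo "rotated files ignored by original case: $(skipped_logs "$d")"
rm -rf "$d"
```

Running `skipped_logs /var/log` on a host with compression disabled in newsyslog.conf shows which rotated files the unpatched script never reads.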