Date: Mon, 01 Feb 2021 17:27:12 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 253168] Daily 800.loginfail fails to process at end/start of logfile turnover period if old logfiles not appended with .gz or .bz2 Message-ID: <bug-253168-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253168 Bug ID: 253168 Summary: Daily 800.loginfail fails to process at end/start of logfile turnover period if old logfiles not appended with .gz or .bz2 Product: Base System Version: 12.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: conf Assignee: bugs@FreeBSD.org Reporter: jamie.baxter@tutanota.com When processing periodic daily security scripts and 800.loginfail is enable= d, the script fails to report any login failures when: 1. It is the first day of a new logfile (so the previous day is turned over= by newsyslog). 2. The turned over logfile does NOT end in .gz or .bz2 This occurs within the catmsgs() function in 800.loginfail, specifically: --- case $f in *.gz) zcat -f $f;; *.bz2) bzcat -f $f;; esac --- I understand that the default newsyslog.conf turns over auth.log with bzip2 (flag J), however I do not compress turned over text logfiles (am running r= oot on ZFS and taking advantage of dataset-level compression at /var/log), and = as such they get renamed auth.log.X instead of auth.log.X.bz2. While this is probably an overly simplistic solution, the following modification allows 800.loginfail to function properly on {gz,bz2}-lacking files if they are not compressed: --- case $f in *.gz) zcat -f $f;; *.bz2) bzcat -f $f;; *) cat $f;; esac --- I understand I may be an edge case here, but thought I would bring it to the attention of the developers. I presume it also extends to weekly or monthly scheduling of 800.loginfail for any turned over logfiles that fail to have {gz,bz2} appended to the filenames. Similarly, I also expect that it also extends across most recent versions of FreeBSD (at least 8 through CURRENT)= as it appears 800.loginfail has not been updated in almost 7 years. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253168-227>