From owner-svn-src-all@FreeBSD.ORG  Thu Feb 20 23:43:50 2014
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3C6B8466;
 Thu, 20 Feb 2014 23:43:50 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 28B2A1F8C;
 Thu, 20 Feb 2014 23:43:50 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s1KNhowY019120;
 Thu, 20 Feb 2014 23:43:50 GMT
 (envelope-from brueffer@svn.freebsd.org)
Received: (from brueffer@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s1KNhoJR019119;
 Thu, 20 Feb 2014 23:43:50 GMT
 (envelope-from brueffer@svn.freebsd.org)
Message-Id: <201402202343.s1KNhoJR019119@svn.freebsd.org>
From: Christian Brueffer <brueffer@FreeBSD.org>
Date: Thu, 20 Feb 2014 23:43:50 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r262273 - head/etc/periodic/security
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Feb 2014 23:43:50 -0000

Author: brueffer
Date: Thu Feb 20 23:43:49 2014
New Revision: 262273
URL: http://svnweb.freebsd.org/changeset/base/262273

Log:
  Further refine the auth fail regex to catch more auth failures and
  reduce false positives.
  
  The committed patch was provided by Christian Marg.
  
  PR:		91732
  Submitted by:	Daniel O'Connor <doconnor at gsoft.com.au>
  		Skye Poier <spoier at gmail.com>
  		Alan Amesbury <amesbury at umn.edu>
  		Christian Marg <marg at rz.tu-clausthal.de>
  MFC after:	1 month

Modified:
  head/etc/periodic/security/800.loginfail

Modified: head/etc/periodic/security/800.loginfail
==============================================================================
--- head/etc/periodic/security/800.loginfail	Thu Feb 20 23:18:30 2014	(r262272)
+++ head/etc/periodic/security/800.loginfail	Thu Feb 20 23:43:49 2014	(r262273)
@@ -64,7 +64,7 @@ if check_yesno_period security_status_lo
 then
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+	n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0
 fi