Date: Wed, 31 Jan 101 01:12:21 GMT From: aeonflux@uact.net To: freebsd-audit@FreeBSd.org Subject: etc/security changes Message-ID: <20010131045941.9423237B69F@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
greetings, I'd like to make the following suggestion for a patch. Obviously as it stands failed ssh logins dont show up in the nightly security checkup. This patch corrects that. You can pull the actual file (for your convince) from http://www.ms-group.com/security/security.patch if you'd prefer. --- /etc/security Tue Jan 30 23:40:48 2001 +++ /etc/security Tue Jan 30 23:48:51 2001 @@ -18,6 +18,7 @@ [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz [ -f $LOG/messages.0 ] && cat $LOG/messages.0 [ -f $LOG/messages ] && cat $LOG/messages + [ -f $LOG/security ] && cat $LOG/security } sflag=FALSE ignore= @@ -162,6 +163,13 @@ separator echo "${host} login failures:" n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 + +# Show SSH login failures +# +separator +echo "${host} SSH login failures:" +n=$(catmsgs | grep -i "^$yesterday.*Failed password" | tee /dev/stderr | wc -l) [ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages --------------------------------------------- This message was sent using Ottawa Online Mailbag. http://www.ottawaonline.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010131045941.9423237B69F>