From owner-freebsd-audit Tue Jan 30 20:59:58 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mail.uact.net (mail.uact.net [207.245.207.10]) by hub.freebsd.org (Postfix) with SMTP id 9423237B69F for ; Tue, 30 Jan 2001 20:59:41 -0800 (PST) Received: (qmail 15827 invoked from network); 31 Jan 2001 05:04:53 -0000 Received: from ragoon.uact.net (HELO Debug) (207.245.207.18) by mail.uact.net with SMTP; 31 Jan 2001 05:04:53 -0000 To: freebsd-audit@FreeBSd.org From: aeonflux@uact.net Subject: etc/security changes Date: Wed, 31 Jan 101 01:12:21 GMT X-Mailer: Endymion MailMan Standard Edition v3.0.11 Message-Id: <20010131045941.9423237B69F@hub.freebsd.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG greetings, I'd like to make the following suggestion for a patch. Obviously as it stands failed ssh logins dont show up in the nightly security checkup. This patch corrects that. You can pull the actual file (for your convince) from http://www.ms-group.com/security/security.patch if you'd prefer. --- /etc/security Tue Jan 30 23:40:48 2001 +++ /etc/security Tue Jan 30 23:48:51 2001 @@ -18,6 +18,7 @@ [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz [ -f $LOG/messages.0 ] && cat $LOG/messages.0 [ -f $LOG/messages ] && cat $LOG/messages + [ -f $LOG/security ] && cat $LOG/security } sflag=FALSE ignore= @@ -162,6 +163,13 @@ separator echo "${host} login failures:" n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 + +# Show SSH login failures +# +separator +echo "${host} SSH login failures:" +n=$(catmsgs | grep -i "^$yesterday.*Failed password" | tee /dev/stderr | wc -l) [ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages --------------------------------------------- This message was sent using Ottawa Online Mailbag. http://www.ottawaonline.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message