Date: Thu, 8 May 2008 06:44:02 GMT From: Will <disposable_freebsd@therag.org> To: freebsd-gnats-submit@FreeBSD.org Subject: standards/123516: Daily Security Logs Not Reporting Failed Logins Message-ID: <200805080644.m486i26e076101@www.freebsd.org> Resent-Message-ID: <200805080650.m486o1DV096114@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 123516
>Category: standards
>Synopsis: Daily Security Logs Not Reporting Failed Logins
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-standards
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 08 06:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Will
>Release: 7.0
>Organization:
>Environment:
FreeBSD Dogbert.NameBrandHandle.Net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
My daily mails have stoped reporting failed logins when there are failed logins in /etc/auth.log
I have traced this down as a formatting issue in the yestarday variable of /etc/periodic/800.loginfail
When egrep runs it is using the yesterday variable which reads: "May 7 "
The log files are being written to start "May 7 "
This causes the egrep to fail, thus not displaying any logs
>How-To-Repeat:
When I look at the syntax of the yestarday variable date command, it outputs the correct format when run from the command line.
/etc/periodic/security/800.loginfail:
yesterday=`date -v-1d "+%b %e"`
-------------------
Script Output: "May 7"
Command Line Output: "May 7"
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805080644.m486i26e076101>