Date: Thu, 8 May 2008 06:44:02 GMT
From: Will <disposable_freebsd@therag.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: standards/123516: Daily Security Logs Not Reporting Failed Logins
Message-ID: <200805080644.m486i26e076101@www.freebsd.org>
Resent-Message-ID: <200805080650.m486o1DV096114@freefall.freebsd.org>
>Number:         123516
>Category:       standards
>Synopsis:       Daily Security Logs Not Reporting Failed Logins
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-standards
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 08 06:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Will
>Release:        7.0
>Organization:
>Environment:
FreeBSD Dogbert.NameBrandHandle.Net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
My daily mails have stopped reporting failed logins when there are failed logins in /etc/auth.log.

I have traced this down as a formatting issue in the yesterday variable of /etc/periodic/800.loginfail.

When egrep runs it is using the yesterday variable, which reads: "May 7 "
The log files are being written to start "May 7 "

This causes the egrep to fail, thus not displaying any logs.
>How-To-Repeat:
When I look at the syntax of the yesterday variable date command, it outputs the correct format when run from the command line.

/etc/periodic/security/800.loginfail:
yesterday=`date -v-1d "+%b %e"`
-------------------
Script Output: "May 7"
Command Line Output: "May 7"
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805080644.m486i26e076101>
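Added example, not part of the original report and not FreeBSD's periodic script: a failed-login filter that matches a given day however the day of month is padded in the log timestamp, so a padding difference between the date string and the log lines no longer silences the report. The function names, the keyword list and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from 800.loginfail).

# day_pattern MONTH DAY
# Build an ERE anchored at line start that accepts "May  7", "May 7" and
# "May 07" for the same day, but not "May 17".
day_pattern() {
    # Drop leading spaces/zeros so "07", " 7" and "7" are treated alike.
    day=$(printf '%s' "$2" | sed 's/^[ 0]*//')
    printf '^%s +0?%s ' "$1" "$day"
}

# failed_logins MONTH DAY   (log text on stdin)
# Keyword list is an assumption about what counts as a failed login.
failed_logins() {
    grep -Eia "$(day_pattern "$1" "$2").*(fail|invalid|bad|illegal)"
}

# Constructed sample lines covering the three padding styles, a different
# day that shares a digit, and a successful login.
sample_log() {
cat <<'EOF'
May  7 03:12:44 host sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2
May 7 03:12:50 host sshd[811]: Invalid user admin from 192.0.2.10
May 07 04:00:01 host sshd[902]: Failed password for will from 192.0.2.11 port 5111 ssh2
May 17 09:30:00 host sshd[950]: Failed password for root from 192.0.2.12 port 6000 ssh2
May  7 10:00:00 host sshd[990]: Accepted publickey for will from 192.0.2.20 port 7000 ssh2
EOF
}

# A literal single-space prefix sees only one of the three May 7 failures.
strict_count() { sample_log | grep -c '^May 7 '; }

# The padding-tolerant pattern sees all three and still skips May 17.
tolerant_count() { sample_log | failed_logins May 7 | wc -l | tr -d ' '; }

# On FreeBSD the month and day can be taken separately, e.g.
#   failed_logins "$(date -v-1d +%b)" "$(date -v-1d +%e)" < logfile
sample_log | failed_logins May 7
```
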