diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2002-03-11 19:39:08 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-03-11 19:39:08 +0000 |
commit | cd9281b38090b2fb99b5fe3ea90e0a136c5f243b (patch) | |
tree | 3cf4bb2213b9f28a6c6328e99003d4f6b63e4cd0 /etc/periodic | |
parent | ee1b1a6549933e9f5d18befb1a35e3925641aeba (diff) | |
download | src-cd9281b38090b2fb99b5fe3ea90e0a136c5f243b.tar.gz src-cd9281b38090b2fb99b5fe3ea90e0a136c5f243b.zip |
Update login failure checking to check auth.log instead of messages,
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
Notes
Notes:
svn path=/head/; revision=92102
Diffstat (limited to 'etc/periodic')
-rwxr-xr-x | etc/periodic/security/800.loginfail | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail index c4446f5f858b..5d61bb78ee74 100755 --- a/etc/periodic/security/800.loginfail +++ b/etc/periodic/security/800.loginfail @@ -43,17 +43,17 @@ LOG="${daily_status_security_logdir}" yesterday=`date -v-1d "+%b %e "` catmsgs() { - find ${LOG} -name 'messages.*' -mtime -2 | + find ${LOG} -name 'auth.log.*' -mtime -2 | sort -t. -r -n +1 -2 | xargs zcat -f - [ -f ${LOG}/messages ] && cat $LOG/messages + [ -f ${LOG}/auth.log ] && cat $LOG/auth.log } case "$daily_status_security_loginfail_enable" in [Yy][Ee][Ss]) echo "" echo "${host} login failures:" - n=$(catmsgs | grep -ia "^$yesterday.*login failure" | + n=$(catmsgs | grep -ia "^$yesterday.*[fF]ail" | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0;; *) rc=0;; |