diff options
| author | brueffer <brueffer@FreeBSD.org> | 2014-02-20 23:43:49 +0000 |
|---|---|---|
| committer | brueffer <brueffer@FreeBSD.org> | 2014-02-20 23:43:49 +0000 |
| commit | 8e2617b93fdb895221089a879ee8045802daa901 (patch) | |
| tree | 9c7b3a638bb21e8b64fce75608a69a50ac39171a | |
| parent | 3dfc829bda87b6c184e6b123134dca09f81a66af (diff) | |
| download | FreeBSD-src-8e2617b93fdb895221089a879ee8045802daa901.zip FreeBSD-src-8e2617b93fdb895221089a879ee8045802daa901.tar.gz | |
Further refine the auth fail regex to catch more auth failures and
reduce false positives.
The committed patch was provided by Christian Marg.
PR: 91732
Submitted by: Daniel O'Connor <doconnor at gsoft.com.au>
Skye Poier <spoier at gmail.com>
Alan Amesbury <amesbury at umn.edu>
Christian Marg <marg at rz.tu-clausthal.de>
MFC after: 1 month
| -rwxr-xr-x | etc/periodic/security/800.loginfail | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail index a0de96d..4c78f44 100755 --- a/etc/periodic/security/800.loginfail +++ b/etc/periodic/security/800.loginfail @@ -64,7 +64,7 @@ if check_yesno_period security_status_loginfail_enable then echo "" echo "${host} login failures:" - n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | + n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0 fi |
