diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-03-11 19:39:08 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-03-11 19:39:08 +0000 |
commit | dcb54d0614c21aaae4f87ff5155357ad05ec02c3 (patch) | |
tree | 3cf4bb2213b9f28a6c6328e99003d4f6b63e4cd0 /etc/periodic/security | |
parent | 88fca29c1b939bc55337d5bb7d77788278713164 (diff) | |
download | FreeBSD-src-dcb54d0614c21aaae4f87ff5155357ad05ec02c3.zip FreeBSD-src-dcb54d0614c21aaae4f87ff5155357ad05ec02c3.tar.gz |
Update login failure checking to check auth.log instead of messages,
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
Diffstat (limited to 'etc/periodic/security')
-rwxr-xr-x | etc/periodic/security/800.loginfail | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail index c4446f5..5d61bb7 100755 --- a/etc/periodic/security/800.loginfail +++ b/etc/periodic/security/800.loginfail @@ -43,17 +43,17 @@ LOG="${daily_status_security_logdir}" yesterday=`date -v-1d "+%b %e "` catmsgs() { - find ${LOG} -name 'messages.*' -mtime -2 | + find ${LOG} -name 'auth.log.*' -mtime -2 | sort -t. -r -n +1 -2 | xargs zcat -f - [ -f ${LOG}/messages ] && cat $LOG/messages + [ -f ${LOG}/auth.log ] && cat $LOG/auth.log } case "$daily_status_security_loginfail_enable" in [Yy][Ee][Ss]) echo "" echo "${host} login failures:" - n=$(catmsgs | grep -ia "^$yesterday.*login failure" | + n=$(catmsgs | grep -ia "^$yesterday.*[fF]ail" | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0;; *) rc=0;; |