diff options
author | brueffer <brueffer@FreeBSD.org> | 2014-03-23 12:58:48 +0000 |
---|---|---|
committer | brueffer <brueffer@FreeBSD.org> | 2014-03-23 12:58:48 +0000 |
commit | 07d19fb7faa6c38d2c10ac65b9260048c5cf71b2 (patch) | |
tree | 014f8362aa7c20f13a105e9c8b2e9646a3871051 /etc | |
parent | 4109153d7bcc027c301b55bc5a7169e75d3f7b40 (diff) | |
download | FreeBSD-src-07d19fb7faa6c38d2c10ac65b9260048c5cf71b2.zip FreeBSD-src-07d19fb7faa6c38d2c10ac65b9260048c5cf71b2.tar.gz |
Further refine the auth fail regex to catch more auth failures and
reduce false positives.
The committed patch was provided by Christian Marg.
PR: 91732
Submitted by: Daniel O'Connor <doconnor at gsoft.com.au>
Skye Poier <spoier at gmail.com>
Alan Amesbury <amesbury at umn.edu>
Christian Marg <marg at rz.tu-clausthal.de>
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/periodic/security/800.loginfail | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail index a0de96d..4c78f44 100755 --- a/etc/periodic/security/800.loginfail +++ b/etc/periodic/security/800.loginfail @@ -64,7 +64,7 @@ if check_yesno_period security_status_loginfail_enable then echo "" echo "${host} login failures:" - n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | + n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0 fi |