From 8b883929b6ea42f3dbd25e13960b76987c16a962 Mon Sep 17 00:00:00 2001
From: cjc <cjc@FreeBSD.org>
Date: Thu, 21 Jun 2001 19:17:15 +0000
Subject: Fixing a bug reported on freebsd-security. It is possible for
 non-printable characters to sneak into /var/log/messages (e.g. someone aims a
 Solaris/Linux RCP exploit at your FreeBSD box and you end up with his
 shellcode as part of a log entry). You might get something like,

  host.mydom.org login failures:
  Binary file (standard input) matches

In the daily security script as a result. Allowing attackers to
mess with your security script's ability to accurately report
is a Bad Thing. Tell grep(1) to treat /var/log/messages like a
text file even if it has non-printable characters.

Submitted by:	Tim Zingelman <zingelman@fnal.gov> on freebsd-security
Approved by:	ru
MFC after:	1 week
---
 etc/security | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'etc')

diff --git a/etc/security b/etc/security
index 82e384f..c26abeb 100644
--- a/etc/security
+++ b/etc/security
@@ -186,7 +186,7 @@ fi
 #
 separator
 echo "${host} login failures:"
-n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
+n=$(catmsgs | grep -ia "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
 [ $n -gt 0 -a $rc -lt 1 ] && rc=1
 
 # Show tcp_wrapper warning messages
-- 
cgit v1.1