Periodic security

From: Ryan Sommers <ryans_at_gamersimpact.com>
Date: Tue, 31 Aug 2004 13:49:21 -0600 (MDT)
Slight modification to the loginfail script for periodics. This will catch
sshd, proftpd and su errors, as well as other programs, better.

--- 800.loginfail       Mon Aug 30 21:50:50 2004
+++ 800.loginfail       Mon Aug 30 21:51:53 2004
_at__at_ -59,7 +59,7 _at__at_
     [Yy][Ee][Ss])
        echo ""
        echo "${host} login failures:"
-       n=$(catmsgs | grep -ia "^$yesterday.*fail" |
+       n=$(catmsgs | egrep -ia "^$yesterday.*(fail|invalid|bad|illegal)" |
            tee /dev/stderr | wc -l)
        [ $n -gt 0 ] && rc=1 || rc=0;;
     *) rc=0;;

-- 
Ryan "leadZERO" Sommers
Gamer's Impact President
ryans_at_gamersimpact.com
ICQ: 1019590
AIM/MSN: leadZERO

-= http://www.gamersimpact.com =-
Received on Tue Aug 31 2004 - 17:43:31 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:09 UTC