On Tue, 31 Aug 2004, Ryan Sommers wrote: > Slight modification to the loginfail script for periodics. This will catch > sshd, proftpd and su errors, as well as other programs, better. The drawback to this is that it will log multiple messages from ssh since it prints a couple of 'illegal' lines before the "failed password for illegal user ...' line. It'd be nice to filter those down somewhat. > > --- 800.loginfail Mon Aug 30 21:50:50 2004 > +++ 800.loginfail Mon Aug 30 21:51:53 2004 > _at__at_ -59,7 +59,7 _at__at_ > [Yy][Ee][Ss]) > echo "" > echo "${host} login failures:" > - n=$(catmsgs | grep -ia "^$yesterday.*fail" | > + n=$(catmsgs | egrep -ia "^$yesterday.*(fail|invalid|bad|illegal)" | > tee /dev/stderr | wc -l) > [ $n -gt 0 ] && rc=1 || rc=0;; > *) rc=0;; > > -- Doug White | FreeBSD: The Power to Serve dwhite_at_gumbysoft.com | www.FreeBSD.orgReceived on Wed Sep 08 2004 - 23:55:55 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:11 UTC