From nobody@FreeBSD.org  Sat Jun 14 08:01:03 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6071E106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Jun 2008 08:01:03 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 52B418FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Jun 2008 08:01:03 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m5E812PJ022007
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Jun 2008 08:01:02 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m5E812Qe022006;
	Sat, 14 Jun 2008 08:01:02 GMT
	(envelope-from nobody)
Message-Id: <200806140801.m5E812Qe022006@www.freebsd.org>
Date: Sat, 14 Jun 2008 08:01:02 GMT
From: Taku <taku@tekipaki.jp>
To: freebsd-gnats-submit@FreeBSD.org
Subject: inadequate regular expression in /etc/periodic/security/800.loginfail
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         124569
>Category:       conf
>Synopsis:       [patch] inadequate regular expression in /etc/periodic/security/800.loginfail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 14 08:10:07 UTC 2008
>Closed-Date:    Sun Jul 06 10:36:00 UTC 2008
>Last-Modified:  Sun Jul 06 10:36:00 UTC 2008
>Originator:     Taku
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
>Environment:
FreeBSD FreeBSD7 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
The regular expression in line 62 of /etc/periodic/security/800.loginfail is inadequate.
It doesn't match (fail|invalid|bad|illegal) at the head of message because unnecessary space exists.

>How-To-Repeat:

>Fix:
--- /etc/periodic/security/800.loginfail.orig   2008-02-25 02:53:19.000000000 +0900
+++ /etc/periodic/security/800.loginfail        2008-06-15 01:34:57.000000000 +0900
@@ -59,7 +59,7 @@
     [Yy][Ee][Ss])
        echo ""
        echo "${host} login failures:"
-       n=$(catmsgs | egrep -ia "^$yesterday.*: .* (fail|invalid|bad|illegal)" |
+       n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
            tee /dev/stderr | wc -l)
        [ $n -gt 0 ] && rc=1 || rc=0;;
     *) rc=0;;


>Release-Note:
>Audit-Trail:

From: Taku <taku@tekipaki.jp>
To: bug-followup@FreeBSD.org,
 taku@tekipaki.jp
Cc:  
Subject: Re: conf/124569: [patch] inadequate regular expression in /etc/periodic/security/800.loginfail
Date: Sun, 29 Jun 2008 19:33:24 +0900

 Here is a revised patch for conf/124569.
 
 --- /etc/periodic/security/800.loginfail.orig	2008-02-25 02:53:19.000000000 +0900
 +++ /etc/periodic/security/800.loginfail	2008-06-30 02:46:05.000000000 +0900
 @@ -59,7 +59,7 @@
      [Yy][Ee][Ss])
  	echo ""
  	echo "${host} login failures:"
 -	n=$(catmsgs | egrep -ia "^$yesterday.*: .* (fail|invalid|bad|illegal)" |
 +	n=$(catmsgs | egrep -ia "^$yesterday.*: (.* )?(fail|invalid|bad|illegal)" |
  	    tee /dev/stderr | wc -l)
  	[ $n -gt 0 ] && rc=1 || rc=0;;
      *)	rc=0;;
 
 Regards,
 Taku
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/124569: commit references a PR
Date: Mon, 30 Jun 2008 08:02:07 +0000 (UTC)

 mtm         2008-06-30 08:01:47 UTC
 
   FreeBSD src repository
 
   Modified files:
     etc/periodic/security 800.loginfail 
   Log:
   SVN rev 180111 on 2008-06-30 08:01:47Z by mtm
   
   Rev. 1.8 broke matching on lines where the failure mode is at the head
   of the message, such as:
     Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1
   
   PR: conf/124569
   Submitted by:   Taku <taku@tekipaki.jp>
   
   Revision  Changes    Path
   1.9       +1 -1      src/etc/periodic/security/800.loginfail
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/124569: commit references a PR
Date: Sun,  6 Jul 2008 10:21:40 +0000 (UTC)

 mtm         2008-07-06 10:21:12 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     etc/periodic/security 800.loginfail 
   Log:
   SVN rev 180319 on 2008-07-06 10:21:12Z by mtm
   
   MFC: r180111
     Rev. 1.8 broke matching on lines where the failure mode is at the head
     of the message, such as:
       Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1
   
     PR: conf/124569
     Submitted by: Taku <taku@tekipaki.jp>
   
   Revision  Changes    Path
   1.8.2.1   +1 -1      src/etc/periodic/security/800.loginfail
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: mtm 
State-Changed-When: Sun Jul 6 10:33:47 UTC 2008 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124569 
>Unformatted:
