From nobody@FreeBSD.org  Sun May 16 22:53:47 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 62FC516A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 16 May 2004 22:53:47 -0700 (PDT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E495843D2D
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 16 May 2004 22:53:46 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i4H5rkTO066523
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 16 May 2004 22:53:46 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.11/8.12.11/Submit) id i4H5rkCV066522;
	Sun, 16 May 2004 22:53:46 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200405170553.i4H5rkCV066522@www.freebsd.org>
Date: Sun, 16 May 2004 22:53:46 -0700 (PDT)
From: Mark Steven Baker <msbaker@cs.uoregon.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /etc/periodic/security/ 800.loginfail script reports failed logins from previous year
X-Send-Pr-Version: www-2.3

>Number:         66726
>Category:       conf
>Synopsis:       /etc/periodic/security/ 800.loginfail script reports failed logins from previous year
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 16 23:00:39 PDT 2004
>Closed-Date:    Thu Jul 19 13:18:13 GMT 2007
>Last-Modified:  Thu Jul 19 13:18:13 GMT 2007
>Originator:     Mark Steven Baker
>Release:        4.8 Release
>Organization:
>Environment:
FreeBSD xxxxx 4.8-RELEASE FreeBSD 4.8-RELEASE      
>Description:
The 800.loginfail script in /etc/periodic/security that normally runs  
via cron every night is supposed to report login failures from /var/log/auth.log for the previous day and email this to root as part of the daily security report. 

If a single auth.log file exists on a system with a year of syslog data, the current script will report failed login errors from the previous date one year earlier as well.
>How-To-Repeat:
Edit the /var/log/auth.log file, creating some bogus login failures for   one year earlier than the previous day. Then manually run the 
/etc/periodic/security/800.loginfail script and see that these year-old login failures are reported.
>Fix:
I had some trouble understanding the catmsg function in 800.loginfail, so I can't suggest a fix.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: gavin 
State-Changed-When: Thu Jul 19 13:17:20 UTC 2007 
State-Changed-Why:  
Duplicate of conf/70715, which contains slightly more info. 
Thanks for your bug report! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=66726 
>Unformatted:
