From root@cc.fh-lippe.de  Sun Jan 10 01:22:44 1999
Received: from henoch.cc.fh-lippe.de (henoch.cc.fh-lippe.de [193.16.112.72])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA22795
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 10 Jan 1999 01:22:43 -0800 (PST)
          (envelope-from root@cc.fh-lippe.de)
Received: from spock.cc.fh-lippe.de([193.16.118.120]) (1437 bytes) 
	by henoch.cc.fh-lippe.de
	via sendmail with P:smtp/R:inet_hosts/T:smtp
	(sender: <root@cc.fh-lippe.de>) 
	id <m0zzH4V-00008zC@henoch.cc.fh-lippe.de>
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 10 Jan 1999 10:22:11 +0100 (MET)
	(Smail-3.2.0.101 1997-Dec-17 #3 built 1998-Feb-3)
Received: from cc.fh-lippe.de by spock.cc.fh-lippe.de with smtp
	(Smail3.1.29.1 #2) id m0zzH4S-00079hC; Sun, 10 Jan 99 10:22 MET
Received: (from root@localhost)
	by cc.fh-lippe.de (8.9.1/8.9.1) id JAA07181;
	Sun, 10 Jan 1999 09:37:03 +0100 (CET)
	(envelope-from root)
Message-Id: <199901100837.JAA07181@cc.fh-lippe.de>
Date: Sun, 10 Jan 1999 09:37:03 +0100 (CET)
From: Charlie Root <root@cc.fh-lippe.de>
Reply-To: root@cc.fh-lippe.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: /etc/security does not recognise login failures
X-Send-Pr-Version: 3.2

>Number:         9424
>Category:       misc
>Synopsis:       wrong grep in /etc/security
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 10 01:30:00 PST 1999
>Closed-Date:    Sun Jan 10 03:21:15 PST 1999
>Last-Modified:  Sun Jan 10 03:30:00 PST 1999
>Originator:     Lars Kller
>Release:        FreeBSD 3.0-RELEASE i386
>Organization:
Fachhochschule Lippe, Lemgo, Germany
>Environment:

	FreeBSD-3.0 RELEASE ELF

>Description:

	In /etc/security a 'grep -i "login failures" $LOG/messages' is
	executed to grep the login failures, but syslog reports them as

	Jan  9 13:30:07 odie login: 1 LOGIN FAILURE FROM localhost, root

>How-To-Repeat:



>Fix:

	change the line

	grep -i "login failures" $LOG/messages

	to

	grep -i "login failure" $LOG/messages

	in /etc/security
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: danny 
State-Changed-When: Sun Jan 10 03:21:15 PST 1999 
State-Changed-Why:  
Fix applied.  Thank you. 

From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>
To: Charlie Root <root@cc.fh-lippe.de>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: RE: misc/9424: /etc/security does not recognise login failures
Date: Sun, 10 Jan 1999 12:36:48 +0100 (CET)

 Actually the `problem' is slightly different.
 
 It only parses the logfile for mutliple subsequent failures and not single
 failures. This patch will alter /etc/security to report all login failures.
 
 --- /etc/security.orig  Sun Jan 10 12:24:37 1999
 +++ /etc/security       Sun Jan 10 12:31:07 1999
 @@ -103,6 +103,7 @@
  # show login failures
  separator
  echo "$host login failures:"
 +grep -i "login failure" $LOG/messages
  grep -i "login failures" $LOG/messages
  
  # show tcp_wrapper warning messages
 
 
 ---
 Jeroen Ruigrok van der Werven    A veil of smoke is what I am,
 asmodai(at)wxs.nl                         I wait and I wait...
 Network/Security Specialist      <http://home.wxs.nl/~asmodai>
 BSD & picoBSD: The Power to Serve     <http://www.freebsd.org>
>Unformatted:
