58 lines
3.8 KiB
Diff
58 lines
3.8 KiB
Diff
diff -up logwatch-7.3.6/scripts/services/secure.pom logwatch-7.3.6/scripts/services/secure
|
|
--- logwatch-7.3.6/scripts/services/secure.pom 2008-10-20 13:50:05.000000000 +0200
|
|
+++ logwatch-7.3.6/scripts/services/secure 2008-10-21 10:47:07.000000000 +0200
|
|
@@ -196,7 +196,9 @@ while (defined($ThisLine = <STDIN>)) {
|
|
( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or
|
|
( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix
|
|
( $ThisLine =~ /^login\[\d+\]: ROOT LOGIN on '\S+'/) or #debian: done in pam_unix (Similar message on other system is reported)
|
|
- ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
|
|
+ ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or
|
|
+ ( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or
|
|
+ ( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or
|
|
( $ThisLine =~ /^pam_limits\[\d+\]/ ) or
|
|
( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or # done in pam_unix
|
|
( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or
|
|
@@ -213,8 +215,15 @@ while (defined($ThisLine = <STDIN>)) {
|
|
( $ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or
|
|
( $ThisLine =~ /logfile turned over/) or # newsyslog on OpenBSD
|
|
( $ThisLine =~ /Connection closed by/) or
|
|
- ( $ThisLine =~ /sshd.*: Accepted \S+ for \S+ from [\d\.:a-f]+ port \d+/) or # ssh script reads this log )
|
|
- ( $ThisLine =~ /userhelper.*: running (.*) with context (.*)/)
|
|
+ ( $ThisLine =~ /sshd.*: Accepted \S+ for \S+ from [\d\.:a-f]+ port \d+/) or # ssh script reads this log ) or
|
|
+ ( $ThisLine =~ /userhelper.*: running (.*) with context (.*)/) or
|
|
+ ( $ThisLine =~ /userhelper.*: pam_thinkfinger(.*): conversation failed/) or
|
|
+ ( $ThisLine =~ /su: PAM [0-9] more authentication failure; .*/) or
|
|
+ ( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to uid [0-9]* \[auth=.*\]/) or
|
|
+ ( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to session .* \[uid=[0-9]*\]/) or
|
|
+ ( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
|
|
+ ( $ThisLine =~ /gdm-session-worker\[\d+\]: gkr-pam: no password is available for user/) or
|
|
+ ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/)
|
|
) {
|
|
# Ignore these entries
|
|
} elsif ($ThisLine =~ /^spop3d/ || $ThisLine =~ /^pop\(\w+\)\[\d+\]:/) {
|
|
@@ -423,6 +432,9 @@ while (defined($ThisLine = <STDIN>)) {
|
|
$ChangedUID{"$Name,$UID1,$UID2"}++;
|
|
} elsif (($Module,$Service) = ($ThisLine =~ /Deprecated (pam_[^ ]*) module called from service "([^ ]*)"/)) {
|
|
$DeprecateModule{"$Module,$Service"}++;
|
|
+ } elsif ( ($User) = ($ThisLine =~ /useradd.*failed adding user `(.*)', data deleted/) ) {# failed adding user/)) {# (.*), data deleted/)) {
|
|
+ # useradd: failed adding user `rpcuser', data deleted
|
|
+ $FailedAddUsers{$User}++;
|
|
} else {
|
|
# Unmatched entries...
|
|
$ThisLine =~ s/\[\d+\]:/:/;
|
|
@@ -440,6 +452,14 @@ if ($DeletedUsers) {
|
|
print "Deleted Users:\n$DeletedUsers\n";
|
|
}
|
|
|
|
+if (keys %FailedAddUsers) {
|
|
+ print "Failed adding users:\n";
|
|
+ foreach $User (keys %FailedAddUsers) {
|
|
+ print " $User: ". $FailedAddUsers{$User}. " Time(s)\n";
|
|
+ }
|
|
+ print"\n";
|
|
+}
|
|
+
|
|
if ($NewGroups) {
|
|
print "New Groups:\n$NewGroups\n";
|
|
}
|