49 lines
3.6 KiB
Diff
49 lines
3.6 KiB
Diff
--- logwatch-svn110-dist/scripts/services/secure 2012-09-27 10:01:34.178205179 +0200
|
|
+++ logwatch-svn110-new/scripts/services/secure 2012-09-27 10:38:06.128565662 +0200
|
|
@@ -198,7 +198,7 @@
|
|
#Woody - specific, thanks to Michael Stovenour
|
|
if ($ThisLine =~ /^PAM_unix[\[\]0-9]*:/i ) { next; }
|
|
|
|
- if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid < 100\" (was|not) met by user /) or
|
|
+ if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid (<|>)=? 1000?\" (was|not) met by user /) or
|
|
( $ThisLine =~ /pam_rhosts_auth\[\d+\]: allowed to [^ ]+ as \w+/) or
|
|
( $ThisLine =~ /pam_rhosts_auth\([^\)]+\): allowed to [^ ]+ as \w+/) or
|
|
( $ThisLine =~ /^(.*)\(pam_unix\)/) or
|
|
@@ -226,6 +226,8 @@
|
|
( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: authentication failure/) or
|
|
( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: check pass; user unknown/) or
|
|
( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or
|
|
+ ( $ThisLine =~ /sshd\[\d+\]: Server listening on/) or
|
|
+ ( $ThisLine =~ /sshd\[\d+\]: Received signal \d+; terminating/) or
|
|
( $ThisLine =~ /^ipop3d\[\d+\]:/) or
|
|
( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or
|
|
( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix
|
|
@@ -233,6 +235,8 @@
|
|
( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
|
|
( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or
|
|
( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or
|
|
+ ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or
|
|
+ ( $ThisLine =~ /^login: pam_securetty(.*): cannot determine username/) or
|
|
( $ThisLine =~ /^pam_limits\[\d+\]/ ) or
|
|
( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or # done in pam_unix
|
|
( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or
|
|
@@ -261,7 +265,8 @@
|
|
( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to session .* \[uid=[0-9]*\]/) or
|
|
( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
|
|
( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
|
|
- ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
|
|
+ ( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
|
|
+ ( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
|
|
( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
|
|
( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
|
|
( $ThisLine =~ /groupmod\[\d+\]: group changed in \/etc\/gshadow /) or # Details in other messages
|
|
@@ -360,7 +365,7 @@
|
|
$NoIP->{$ThisLine}++;
|
|
} elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+)\[\d+\]: error: (.+)$/) ) {
|
|
$Error{$Service}{$Err}++;
|
|
- } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR , .*)$/ ) ) {
|
|
+ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR ([^ ]+)?, .*)$/ ) ) {
|
|
$Error{$Service}{$Err}++;
|
|
} elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (password mismatch for [^ ]+ in [^ ]+):.*$/ ) ) {
|
|
$Error{$Service}{$Err}++;
|