From 84beb433c0a2e6a0fa505734699a746805bb077b Mon Sep 17 00:00:00 2001
From: Christian Brueffer <brueffer@FreeBSD.org>
Date: Thu, 20 Feb 2014 23:43:49 +0000
Subject: [PATCH] Further refine the auth fail regex to catch more auth
 failures and reduce false positives.

The committed patch was provided by Christian Marg.

PR:		91732
Submitted by:	Daniel O'Connor <doconnor at gsoft.com.au>
		Skye Poier <spoier at gmail.com>
		Alan Amesbury <amesbury at umn.edu>
		Christian Marg <marg at rz.tu-clausthal.de>
MFC after:	1 month
---
 etc/periodic/security/800.loginfail | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail
index a0de96dec10e..4c78f441639a 100755
--- a/etc/periodic/security/800.loginfail
+++ b/etc/periodic/security/800.loginfail
@@ -64,7 +64,7 @@ if check_yesno_period security_status_loginfail_enable
 then
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+	n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0
 fi