Further refine the auth fail regex to catch more auth failures and

reduce false positives.

The committed patch was provided by Christian Marg.

PR:		91732
Submitted by:	Daniel O'Connor <doconnor at gsoft.com.au>
		Skye Poier <spoier at gmail.com>
		Alan Amesbury <amesbury at umn.edu>
		Christian Marg <marg at rz.tu-clausthal.de>
MFC after:	1 month
This commit is contained in:
brueffer 2014-02-20 23:43:49 +00:00
parent 3dfc829bda
commit 8e2617b93f

View File

@ -64,7 +64,7 @@ if check_yesno_period security_status_loginfail_enable
then then
echo "" echo ""
echo "${host} login failures:" echo "${host} login failures:"
n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
tee /dev/stderr | wc -l) tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0 [ $n -gt 0 ] && rc=1 || rc=0
fi fi