From dcb54d0614c21aaae4f87ff5155357ad05ec02c3 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Mon, 11 Mar 2002 19:39:08 +0000
Subject: [PATCH] Update login failure checking to check auth.log instead of
 messages, and teach it to look for more general classes of failures,
 including SSH login failures.  This is similar but not identical to a patch
 submitted by aeonflux@synapse.subneural.net.

---
 etc/periodic/security/800.loginfail | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail
index c4446f5f858b..5d61bb78ee74 100755
--- a/etc/periodic/security/800.loginfail
+++ b/etc/periodic/security/800.loginfail
@@ -43,17 +43,17 @@ LOG="${daily_status_security_logdir}"
 yesterday=`date -v-1d "+%b %e "`
 
 catmsgs() {
-	find ${LOG} -name 'messages.*' -mtime -2 |
+	find ${LOG} -name 'auth.log.*' -mtime -2 |
 	    sort -t. -r -n +1 -2 |
 	    xargs zcat -f
-	[ -f ${LOG}/messages ] && cat $LOG/messages
+	[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
 }
 
 case "$daily_status_security_loginfail_enable" in
     [Yy][Ee][Ss])
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | grep -ia "^$yesterday.*login failure" |
+	n=$(catmsgs | grep -ia "^$yesterday.*[fF]ail" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0;;
     *)	rc=0;;