1#!/bin/sh - 2# 3# Copyright (c) 2001 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: src/etc/periodic/security/800.loginfail,v 1.8 2007/02/23 21:42:54 remko Exp $ 28# $DragonFly: src/etc/periodic/security/800.loginfail,v 1.3 2007/12/29 21:44:44 matthias Exp $ 29# 30 31# Show login failures 32# 33 34# If there is a global system configuration file, suck it in. 35# 36if [ -r /etc/defaults/periodic.conf ] 37then 38 . /etc/defaults/periodic.conf 39 source_periodic_confs 40fi 41 42LOG="${daily_status_security_logdir}" 43 44yesterday=`date -v-1d "+%b %e "` 45 46catmsgs() { 47 find ${LOG} -name 'auth.log.*' -mtime -2 | 48 sort -t. -r -n -k 2,2 | 49 while read f 50 do 51 case $f in 52 *.gz) zcat -f $f;; 53 *.bz2) bzcat -f $f;; 54 esac 55 done 56 [ -f ${LOG}/auth.log ] && cat $LOG/auth.log 57} 58 59case "$daily_status_security_loginfail_enable" in 60 [Yy][Ee][Ss]) 61 echo "" 62 echo "${host} login failures:" 63 n=$(catmsgs | egrep -ia "^$yesterday.*: .* (fail|invalid|bad|illegal)" | 64 tee /dev/stderr | wc -l) 65 [ $n -gt 0 ] && rc=1 || rc=0;; 66 *) rc=0;; 67esac 68 69exit $rc 70