1#!/bin/sh - 2# 3# Copyright (c) 2001 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: head/etc/periodic/security/800.loginfail 262273 2014-02-20 23:43:49Z brueffer $ 28# 29 30# Show login failures 31# 32 33# If there is a global system configuration file, suck it in. 34# 35if [ -r /etc/defaults/periodic.conf ] 36then 37 . /etc/defaults/periodic.conf 38 source_periodic_confs 39fi 40 41security_daily_compat_var security_status_logdir 42security_daily_compat_var security_status_loginfail_enable 43 44LOG="${security_status_logdir}" 45 46yesterday=`date -v-1d "+%b %e "` 47 48catmsgs() { 49 find ${LOG} -name 'auth.log.*' -mtime -2 | 50 sort -t. -r -n -k 2,2 | 51 while read f 52 do 53 case $f in 54 *.gz) zcat -f $f;; 55 *.bz2) bzcat -f $f;; 56 *.xz) xzcat -f $f;; 57 *.zst) zstdcat $f;; 58 esac 59 done 60 [ -f ${LOG}/auth.log ] && cat $LOG/auth.log 61} 62 63rc=0 64 65if check_yesno_period security_status_loginfail_enable 66then 67 echo "" 68 echo "${host} login failures:" 69 n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" | 70 tee /dev/stderr | wc -l) 71 [ $n -gt 0 ] && rc=1 || rc=0 72fi 73 74exit $rc 75