[Logwatch-Devel] sshd fixes

Paweł Gołaszewski blues at ds.pg.gda.pl
Mon Aug 23 01:34:57 MST 2004


Hello,
this is small fix that adds reporting of login attempts into locked 
accounts.

-- 
pozdr.  Paweł Gołaszewski 
---------------------------------
If you think of MS-DOS as mono, and Windows as stereo,
then Linux is Dolby Pro-Logic Surround Sound with Bass Boost
and all the music is free.
-------------- next part --------------
Index: scripts/services/sshd
===================================================================
RCS file: /var/cvs/logwatch/scripts/services/sshd,v
retrieving revision 1.38
diff -u -r1.38 sshd
--- scripts/services/sshd	23 Jun 2004 15:01:17 -0000	1.38
+++ scripts/services/sshd	23 Aug 2004 07:43:26 -0000
@@ -179,6 +179,8 @@
    } elsif ( ($Method,$User,$Host) = ($ThisLine =~ /^Postponed ([^ ]*) for (illegal user [^ ]*|[^ ]*) from ([^ ]*) port \d+ ssh/)) {
       $PostPonedAuth{"$User/$Method"}{$Host}++;
       $IllegalUsers{"$User/$Method"}++;
+   } elsif ( ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because account is locked/)) {
+      $LockedAccount{$User}++;
    } elsif ( ($IP) = ($ThisLine =~ /^scanned from ([^ ]*)/) ) {
       push @Scanned, LookupIP($IP);
    } else {
@@ -266,6 +268,13 @@
    }
 }
 
+if (keys %LockedAccount) {
+   print "\nLocked account login attempts:\n";
+   foreach $User (sort {$a cmp $b} keys %LockedAccount) {
+      print "   $User : $LockedAccount{$User} Time(s)\n";
+   }
+}
+
 if ((keys %LoginLock) and ($Detail >= 5)) {
    print "\nUser login attempt when nologin was set:\n";
    foreach $User (sort {$a cmp $b} keys %LoginLock) {


More information about the Logwatch-Devel mailing list