[Logwatch-Devel] sshd script bug?

Marco Alberoni m.alberoni at cineca.it
Fri Mar 25 04:39:29 MST 2005


In my opinion there is a little bug in the 
"logwatch-6.0.1/scripts/services/sshd" script: all the regular 
expressions which try to match an ssh connection log are (correctly!) 
like the following pattern:
$ThisLine =~ m/^SOME_TEXT from ([^ ]+) port (\d+)/
except for (according to me, erroneously) line number 173:
$ThisLine =~ m/^Failed (\w+) for (\S+) from ([\d.]+) port (\d+)/

So, I propose to apply the following patch:

--- scripts/services/sshd       2005-02-24 18:08:05.000000000 +0100
+++ scripts/services/sshd.new   2005-03-25 09:51:38.000000000 +0100
@@ -170,7 +170,7 @@
        if ( $Debug >= 5 ) {
           print STDERR "DEBUG: Found -Keygen complete- line\n";
        }
-   } elsif ( $ThisLine =~ m/^Failed (\w+) for (\S+) from ([\d.]+) port 
(\d+)/ ) { #openssh
+   } elsif ( $ThisLine =~ m/^Failed (\w+) for (\S+) from ([^ ]+) port 
(\d+)/ ) { #openssh
        # depending on log mode, openssh may not report these in 
connection context.
        if ( $Debug >= 5 ) {
           print STDERR "DEBUG: Found -Failed login- line\n";
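
Review bot: on the changed `elsif` line, `([^ ]+)` widens the third capture from dotted digits to any run of non-space characters, so the code in this branch that consumes `$3` can no longer assume it holds an IPv4 address. Check that nothing further down formats, sorts or looks it up as a dotted quad, and extend the trailing `#openssh` comment to say which address forms the capture is meant to accept. The user field on the same line already uses `(\S+)`, so `(\S+)` for the host would read more consistently, unless `[^ ]+` is kept on purpose to match the `from ([^ ]+) port (\d+)` form quoted in the message.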

What do you think about it?

-- 
                 Marco Alberoni
       CINECA - Systems management group
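
The difference between the two patterns in the message above, as an added example that is not part of the original post or of Logwatch: it runs the line-173 pattern and the proposed one over constructed sshd lines and reports which failed logins each one misses. The sample lines, the IPv6 and hostname sources in them, and the helper name `tally` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns from the message: line 173 as shipped, and the proposal.
my %pattern = (
    old => qr/^Failed (\w+) for (\S+) from ([\d.]+) port (\d+)/,
    new => qr/^Failed (\w+) for (\S+) from ([^ ]+) port (\d+)/,
);

# Constructed sample lines (documentation addresses, not real log data),
# with the syslog prefix already stripped.
my @lines = (
    'Failed password for root from 192.0.2.10 port 40022 ssh2',
    'Failed password for alice from 2001:db8::1 port 51514 ssh2',
    'Failed password for bob from ::ffff:192.0.2.10 port 51515 ssh2',
    'Failed publickey for carol from gw.example.org port 51516 ssh2',
);

# Hypothetical helper: count failed logins per source host under one
# pattern and collect the lines that pattern did not match.
sub tally {
    my ($re, @input) = @_;
    my (%count, @missed);
    for my $line (@input) {
        if ($line =~ $re) {
            $count{$3}++;          # third capture is the source host
        } else {
            push @missed, $line;   # would fall through to "unmatched"
        }
    }
    return (\%count, \@missed);
}

for my $name (qw(old new)) {
    my ($count, $missed) = tally($pattern{$name}, @lines);
    printf "%s pattern: %d of %d lines matched\n",
        $name, @lines - @$missed, scalar @lines;
    print "  host $_: $count->{$_} failure(s)\n" for sort keys %$count;
    print "  missed: $_\n" for @$missed;
}
```

With the old pattern only the IPv4 line is counted; the other three failed logins drop out of the failed-login tally.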