[Logwatch-Devel] sshd script bug?

Paweł Gołaszewski blues at ds.pg.gda.pl
Tue Mar 29 04:30:04 MST 2005


On Fri, 25 Mar 2005, Marco Alberoni wrote:

> In my opinion there is a little bug in the
> "logwatch-6.0.1/scripts/services/sshd" script: all the regular expressions
> which try to match a ssh connection log are (correctly!) like the following
> pattern:
> $ThisLine =~ m/^SOME_TEXT from ([^ ]+) port (\d+)/
> except for (according to me, erroneously) line number 173:
> $ThisLine =~ m/^Failed (\w+) for (\S+) from ([\d.]+) port (\d+)/
> 
> So, I propose to aplly the following patch:
> 
> --- scripts/services/sshd       2005-02-24 18:08:05.000000000 +0100
> +++ scripts/services/sshd.new   2005-03-25 09:51:38.000000000 +0100
> @@ -170,7 +170,7 @@
> if ( $Debug >= 5 ) {
>   print STDERR "DEBUG: Found -Keygen complete- line\n";
>        }
> -   } elsif ( $ThisLine =~ m/^Failed (\w+) for (\S+) from ([\d.]+) port (\d+)/
> ) { #openssh
> +   } elsif ( $ThisLine =~ m/^Failed (\w+) for (\S+) from ([^ ]+) port (\d+)/
> ) { #openssh
>        # depending on log mode, openssh may not report these in connection
> context.
> if ( $Debug >= 5 ) {
> print STDERR "DEBUG: Found -Failed login- line\n";
> 
> What do you think about?

veto :)

If that entry will be changed for what you have proposed there will be 
none IPv6 and v4-to-v6-mapped addresses catched.

-- 
pozdr.  Paweł Gołaszewski 
---------------------------------
If you think of MS-DOS as mono, and Windows as stereo,
then Linux is Dolby Pro-Logic Surround Sound with Bass Boost
and all the music is free.


More information about the Logwatch-Devel mailing list