[Logwatch-Devel] patch to secure - xinetd rate limiting refusals

David Baldwin david.baldwin at anu.edu.au
Wed Sep 21 22:27:08 MST 2005


Not sure if these should be relegated to the dustbin of refusals along with 
libwrap, etc - could be indicating more serious issues or tuning required. 
Ideally should record failure reasons for xinetd run services and include in 
detail report.

David.

--- scripts/services/secure     13 Sep 2005 18:42:58 -0000      1.56
+++ scripts/services/secure     22 Sep 2005 05:19:13 -0000
@@ -230,7 +230,7 @@
     } elsif ( $ThisLine =~ /^\/usr\/bin\/sudo: ([^\s]+) : (command not 
allowed)?.+ ; COMMAND=(.*)$/ ) {
        # sudo unauthorized commands
        push @SudoList, "$1: $3\n" unless ($2 eq "");
-   } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) 
(?:address|libwrap) from=([\d.]+)/)) {
+   } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) 
(?:address|libwrap|service_limit|connections per second) from=([\d.]+)/)) {
        if ($Ignore =~ /\b\Q$service\E\b/i) { next; }
        $Refused->{$service}->{$from}++;
     } elsif ( ($User) = ($ThisLine =~ /^chage\[\d+\]: changed password expiry 
for ([^ ]+)/)) {
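
Review bot: In the new xinetd alternation, the failure reason sits in a non-capturing group, so `service_limit` and `connections per second` hits are counted in `$Refused->{$service}->{$from}` together with `address` and `libwrap` denials, and the report can no longer distinguish an access-control refusal from a rate-limit or tuning problem. Consider capturing the reason, for example `(address|libwrap|service_limit|connections per second)` with a third variable in the list assignment, and either tallying the two new reasons in a separate hash or including the reason as a key so the detail report can show it. Two smaller points visible in the same lines: `from=([\d.]+)` matches dotted IPv4 addresses only, so a FAIL line with any other source address format falls through this branch, and the `-`/`+` lines are wrapped by the mail client, so the patch will probably need to be resent as an attachment or unwrapped before it applies.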


-- 
=====================================================================+
David Baldwin                   mailto:David.Baldwin at anu.edu.au      |
Supercomputer Facility          URL: http://www.anu.edu.au/~u8611156 |
II Services, Huxley Building    Ph:  {intl+61+2 | (02)} 6125 0321    |
Australian National University  FAX: {intl+61+2 | (02)} 6125 8199    |
Canberra ACT 0200, AUSTRALIA  *======================================+

