[Logwatch-Devel] pam_abl patch for logwatch 6.1.2

Gilles Detillieux grdetil at scrc.umanitoba.ca
Wed Sep 21 09:19:16 MST 2005


I recently installed pam_abl on my Linux boxes.  Here's a patch to the
scripts/services/secure script to summarize pam_abl log entries.

--- scripts/services/secure.orig	2005-07-14 02:22:22.000000000 -0500
+++ scripts/services/secure	2005-09-21 10:47:08.000000000 -0500
@@ -207,6 +207,12 @@ while (defined($ThisLine = <STDIN>)) {
    } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) (?:address|libwrap) from=([\d.]+)/)) {
       if ($Ignore =~ /\b\Q$service\E\b/i) { next; }    
       $Refused->{$service}->{$from}++;
+   } elsif ( ($from, $service, $user) = ($ThisLine =~ /^pam_abl\[\d+\]: Blocking access from (.+) to service (.+), user (.+)/)) {
+      if ($Detail >= 5) {
+         $Refused->{$service}->{$from."/".$user}++;
+      } else {
+         $Refused->{$service}->{$from}++;
+      }
    } elsif ( ($User) = ($ThisLine =~ /^chage\[\d+\]: changed password expiry for ([^ ]+)/)) {
       $PasswordExpiry{$User}++;
    } elsif ( (undef) = ($ThisLine =~ /^pam_console\[\d+\]: console file lock already in place ([^ ]+)/ )) {
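
Review bot: In the added pam_abl branch, all three captures are greedy (.+), and the user field comes from the remote client. A user name containing ", user " or " to service " shifts where the regex splits the line, so the wrong host or service key can be counted under $Refused. Consider tightening the host and service captures to (\S+) and anchoring the pattern with $ so the user capture is the only open-ended one. Also, the xinetd branch directly above skips services listed in $Ignore with "if ($Ignore =~ /\b\Q$service\E\b/i) { next; }", while the new branch has no such check; add the same test if pam_abl blocks are meant to honor $Ignore.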

-- 
Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

