[Logwatch-Devel] pam_abl patch for logwatch 6.1.2

Mike Tremaine mgt at stellarcore.net
Wed Sep 28 10:26:26 MST 2005


This has been committed to CVS. 

On Wed, 2005-09-21 at 09:19, Gilles Detillieux wrote:
> I recently installed pam_abl on my Linux boxes.  Here's a patch to the
> scripts/services/secure script to summarize pam_abl log entries.
> 
> --- scripts/services/secure.orig	2005-07-14 02:22:22.000000000 -0500
> +++ scripts/services/secure	2005-09-21 10:47:08.000000000 -0500
> @@ -207,6 +207,12 @@ while (defined($ThisLine = <STDIN>)) {
>     } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) (?:address|libwrap) from=([\d.]+)/)) {
>        if ($Ignore =~ /\b\Q$service\E\b/i) { next; }    
>        $Refused->{$service}->{$from}++;
> +   } elsif ( ($from, $service, $user) = ($ThisLine =~ /^pam_abl\[\d+\]: Blocking access from (.+) to service (.+), user (.+)/)) {
> +      if ($Detail >= 5) {
> +         $Refused->{$service}->{$from."/".$user}++;
> +      } else {
> +         $Refused->{$service}->{$from}++;
> +      }
>     } elsif ( ($User) = ($ThisLine =~ /^chage\[\d+\]: changed password expiry for ([^ ]+)/)) {
>        $PasswordExpiry{$User}++;
>     } elsif ( (undef) = ($ThisLine =~ /^pam_console\[\d+\]: console file lock already in place ([^ ]+)/ )) {
-- 
Mike Tremaine
mgt at stellarcore.net
http://www.stellarcore.net



More information about the Logwatch-Devel mailing list