[Logwatch-Devel] patch to secure - xinetd rate limiting refusals

Mike Tremaine mgt at stellarcore.net
Wed Sep 28 11:26:42 MST 2005


On Wed, 2005-09-21 at 22:27, David Baldwin wrote:
> Not sure if these should be relegated to the dustbin of refusals along with 
> libwrap, etc - could be indicating more serious issues or tuning required. 
> Ideally should record failure reasons for xinetd run services and include in 
> detail report.
> 
> David.
> 
> --- scripts/services/secure     13 Sep 2005 18:42:58 -0000      1.56
> +++ scripts/services/secure     22 Sep 2005 05:19:13 -0000
> @@ -230,7 +230,7 @@
>      } elsif ( $ThisLine =~ /^\/usr\/bin\/sudo: ([^\s]+) : (command not 
> allowed)?.+ ; COMMAND=(.*)$/ ) {
>         # sudo unauthorized commands
>         push @SudoList, "$1: $3\n" unless ($2 eq "");
> -   } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) 
> (?:address|libwrap) from=([\d.]+)/)) {
> +   } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) 
> (?:address|libwrap|service_limit|connections per second) from=([\d.]+)/)) {
>         if ($Ignore =~ /\b\Q$service\E\b/i) { next; }
>         $Refused->{$service}->{$from}++;
>      } elsif ( ($User) = ($ThisLine =~ /^chage\[\d+\]: changed password expiry 
> for ([^ ]+)/)) {

Committed to CVS.. [wonder is I should change the \d. to \d\.]

-- 
Mike Tremaine
mgt at stellarcore.net
http://www.stellarcore.net



More information about the Logwatch-Devel mailing list