[Logwatch-Devel] secure script support for vmware

Hugo van der Kooij hvdkooij at vanderkooij.org
Thu Jun 7 12:19:07 MST 2007


On Thu, 7 Jun 2007, Hugo van der Kooij wrote:

> I will see if I can write a patch for this one.
>
> And I need to look into the missing modules stuff ;-)

Got the logwatch patch attached.

Hugo.

-- 
 	hvdkooij at vanderkooij.org	http://hugo.vanderkooij.org/
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 		(Thanks JFK, for the insight.)
-------------- next part --------------
--- secure-SHIPPED	2007-01-06 15:08:22.000000000 +0100
+++ secure	2007-06-07 21:13:31.000000000 +0200
@@ -2,6 +2,10 @@
 # $Id: secure,v 1.69 2006/03/20 20:42:57 bjorn Exp $
 ##########################################################################
 # $Log: secure,v $
+#
+# Revision x.xx  2007/06/07 21:12:37  HvdK
+# Added some support for VmWare messages
+#
 # Revision 1.69  2006/03/20 20:42:57  bjorn
 # Additional filtering, by Ivana Varekova.
 #
@@ -164,6 +168,8 @@
       ( $ThisLine =~ /pam_timestamp\(?[^ ]*\)?: timestamp file `([^ ]+)' is only \d+ seconds old, allowing access to ([^ ]+) for user ([^ ]+)/) or
       ( $ThisLine =~ /pam_timestamp\(?[^ ]*\)?: timestamp file `([^ ]+)'/) or # has unacceptable age \(\d+ seconds\), disallowing access to ([^ ]+) for user ([^ ]+)/) or
       ( $ThisLine =~ /userhelper\[\d+\]: running '([^ ]+)' with [^ ]+ context/) or
+      ( $ThisLine =~ /vmware-authd\[[0-9]+\]: PAM \[error: [^ ]+ cannot open shared object file: No such file or directory\]/) or
+      ( $ThisLine =~ /vmware-authd\[[0-9]+\]: PAM adding faulty module: [^ ]+/) or
       ( $ThisLine =~ /pam_timestamp\(.*:session\): updated timestamp file `\/var\/run\/sudo.*'/)   
    ) {
       # Ignore these entries
@@ -354,8 +360,13 @@
       $PwdChange{"$User"}++;
    } elsif ( ($User) = ($ThisLine =~ /^cvs: password mismatch for ([^']+): ([^']+) vs. ([^']+)/) ){
       $cvs_passwd_mismatch{$User}++;       
-   } elsif ( ($User,$From,$To) = ($ThisLine =~ /usermod\[[0-9]*\]: change user `([^ ]*)' shell from `([^ ]*)' to `([^ ]*)'/) ) {
+   } elsif ( ($User,$From,$To) = ($ThisLine =~ /usermod\[[0-9]+\]: change user `([^ ]*)' shell from `([^ ]*)' to `([^ ]*)'/) ) {
       $ChangedShell{"$User,$From,$To"}++;
+   } elsif ( ($Library) = ($ThisLine =~ /vmware-authd\[\d+\]: PAM unable to dlopen\(([^ ]+)\)/) ) {
+      $MissingLib{"$Library"}++
+   } elsif ( ($Client,$User) = ($ThisLine =~ /vmware-authd\[\d+\]: login from ([0-9\.]+) as ([^ ]+)/) ) {
+      $UserLogin{$User}++;
+   } elsif ( ($User) = ($ThisLine =~ /vmware-authd\[\d+\]: pam_unix_auth\(vmware-authd:auth\): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=([^ ]*)/) ) {
    } else {
       # Unmatched entries...
       push @OtherList, "$ThisLine\n";
@@ -662,6 +673,13 @@
    print @OtherList;
 }
 
+if (keys %MissingLib) {
+   print "\n Missing libraries:\n";
+   foreach $Lib (keys %MissingLib) {
+      print "   $Lib : $MissingLib{$Lib} Time(s)\n";
+   }
+}
+
 exit(0);
 
 # vi: shiftwidth=3 tabstop=3 syntax=perl et


More information about the Logwatch-Devel mailing list