Bug 247389

Summary: 800.loginfail and 900.tcpwrap (/etc/periodic/security) don't produce output
Product: Base System Reporter: xaphod
Component: confAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Only Me CC: emaste
Priority: ---    
Version: 12.1-STABLE   
Hardware: Any   
OS: Any   

Description xaphod 2020-06-18 18:26:02 UTC
/etc/periodic/security/800.loginfail
/etc/periodic/security/900.tcpwrap

Perhaps it's just me missing the bleeding obvious, but these two scripts appear to be wired backwards, and therefore don't produce output.  Also, the egrep regex in 800.loginfail doesn't work for me either.  A quick edit & test... and all appears to work as intended.

--- 800.loginfail-old   2019-10-19 19:05:16.208356000 +0000
+++ 800.loginfail       2020-06-18 18:24:45.772960000 +0000
@@ -46,7 +46,7 @@
 yesterday=`date -v-1d "+%b %e "`

 catmsgs() {
-       find ${LOG} -name 'auth.log.*' -mtime -2 |
+       find ${LOG} -name 'messages.*' -mtime -2 |
            sort -t. -r -n -k 2,2 |
            while read f
            do
@@ -55,7 +55,7 @@
                    *.bz2)      bzcat -f $f;;
                esac
            done
-       [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
+       [ -f ${LOG}/messages ] && cat $LOG/messages
 }

 rc=0
@@ -64,7 +64,7 @@
 then
        echo ""
        echo "${host} login failures:"
-       n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
+       n=$(catmsgs | egrep -ia "^$yesterday.*: .*\<(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\>" |
            tee /dev/stderr | wc -l)
        [ $n -gt 0 ] && rc=1 || rc=0
 fi
--- 900.tcpwrap-old     2019-10-19 19:05:16.224470000 +0000
+++ 900.tcpwrap 2020-06-18 18:24:07.948855000 +0000
@@ -46,7 +46,7 @@
 yesterday=`date -v-1d "+%b %e "`

 catmsgs() {
-       find ${LOG} -name 'messages.*' -mtime -2 |
+       find ${LOG} -name 'auth.log.*' -mtime -2 |
            sort -t. -r -n -k 2,2 |
            while read f
            do
@@ -55,7 +55,7 @@
                    *.bz2)      bzcat -f $f;;
                esac
            done
-       [ -f ${LOG}/messages ] && cat $LOG/messages
+       [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
 }

 rc=0