Bug 66726

Summary: /etc/periodic/security/ 800.loginfail script reports failed logins from previous year
Product: Base System Reporter: Mark Steven Baker <msbaker>
Component: confAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description Mark Steven Baker 2004-05-17 07:00:39 UTC 
The 800.loginfail script in /etc/periodic/security that normally runs  
via cron every night is supposed to report login failures from /var/log/auth.log for the previous day and email this to root as part of the daily security report. 

If a single auth.log file exists on a system with a year of syslog data, the current script will report failed login errors from the previous date one year earlier as well.

Fix: 

I had some trouble understanding the catmsg function in 800.loginfail, so I can't suggest a fix.
How-To-Repeat: Edit the /var/log/auth.log file, creating some bogus login failures for   one year earlier than the previous day. Then manually run the 
/etc/periodic/security/800.loginfail script and see that these year-old login failures are reported.
Comment 1 Gavin Atkinson freebsd_committer freebsd_triage 2007-07-19 14:17:20 UTC 
State Changed
From-To: open->closed

Duplicate of conf/70715, which contains slightly more info. 
Thanks for your bug report!