Bug 162330 - security/logcheck cannot ignore sshd's PAM message.
Summary: security/logcheck cannot ignore sshd's PAM message.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Greg Larkin
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-06 11:10 UTC by Shuichi KITAGUCHI
Modified: 2011-11-23 19:40 UTC (History)
0 users

See Also:


Attachments
file.diff (1.50 KB, patch)
2011-11-06 11:10 UTC, Shuichi KITAGUCHI
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Shuichi KITAGUCHI 2011-11-06 11:10:08 UTC
by default, logcheck's ignore rule seems to be matched for Linux's log message.
I noticed that some libpam messages are not same between Linux's and FreeBSD's.

from Linux's libpam...
  case PAM_AUTH_ERR:
    return _("Authentication failure");
  case PAM_USER_UNKNOWN:
    return _("User not known to the underlying authentication module");

from FreeBSD's libpam...
  case PAM_AUTH_ERR:
    return ("authentication error");
  case PAM_USER_UNKNOWN:
    return ("unknown user");

Fix: attached patch fixes this problem, I think.


Patch attached with submission follows:
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2011-11-07 20:52:54 UTC
Responsible Changed
From-To: freebsd-ports-bugs->glarking

Fix synopsis and assign.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2011-11-07 21:18:24 UTC
Responsible Changed
From-To: glarking->glarkin

fix assignment.
Comment 3 Greg Larkin freebsd_committer 2011-11-23 19:37:30 UTC
State Changed
From-To: open->closed

Committed, thank you!
Comment 4 dfilter service freebsd_committer 2011-11-23 19:37:33 UTC
glarkin     2011-11-23 19:37:24 UTC

  FreeBSD ports repository

  Modified files:
    security/logcheck    Makefile 
  Added files:
    security/logcheck/files 
                            patch-rulefiles__linux__ignore.d.server__ssh 
  Log:
  - Updated the PAM ssh rule file to match messages emitted on FreeBSD vs.
    the Linux messages contained in the distro rule file
  - Bumped PORTREVISION
  
  PR:             ports/162330
  Submitted by:   Shuichi KITAGUCHI <ki@hh.iij4u.or.jp>
  Feature safe:   yes
  
  Revision  Changes    Path
  1.36      +4 -0      ports/security/logcheck/Makefile
  1.1       +13 -0     ports/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"