use strict;
##########################################################################
# $Id$
##########################################################################
# $Log: pam_unix,v $
# Revision 1.36 2011/01/05 22:01:00 stefan
# recognize: <service>[3254]: PAM <something>
#
# Revision 1.35 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.34 2008/02/20 16:26:35 kirk
# added rexec to pam_unix
#
# Revision 1.33 2008/01/16 20:36:09 bjorn
# Changes to handle Ubuntu 7.10, and corrected for Fedora 5, by Paul Schulz.
#
# Revision 1.32 2008/01/16 20:02:44 bjorn
# Coalesced different services into one elsif, and added cups.
#
# Revision 1.31 2007/11/25 19:57:53 bjorn
# Treating runuser-l and runuser the same, by Ivana Varekova.
#
# Revision 1.30 2007/07/18 18:22:45 bjorn
# Additional filtering, by Ivana Varekova.
#
# Revision 1.29 2006/12/20 15:46:45 bjorn
# Additional filtering by Ivana Varekova.
#
# Revision 1.28 2006/10/20 16:41:38 bjorn
# Resolve uids, and better capture of authentication failure, by Willi Mann.
#
# Revision 1.27 2006/09/15 15:40:58 bjorn
# Additional filtering by Ivana Varekova.
#
# Revision 1.26 2006/01/20 22:31:04 bjorn
# Handle new pam_unix format, by Ivana Varekova.
#
# Revision 1.25 2005/12/01 04:15:04 bjorn
# Added dovecot.
#
# Revision 1.24 2005/11/30 05:03:00 bjorn
# Add support for kcheckpass, by Willi Mann.
#
# Revision 1.23 2005/11/28 01:16:33 bjorn
# Fixed typo introduced at previous update.
#
# Revision 1.22 2005/11/24 16:45:44 bjorn
# Cleaned up some unknowns, made regexps consistent, by David Baldwin.
#
# Revision 1.21 2005/09/26 18:19:03 mike
# Added rsh support per David Baldwin -mgt
#
# Revision 1.20 2005/08/23 22:10:26 mike
# Auth failure patch for RHEL 3 from Sergey Svishchev -mgt
#
# Revision 1.19 2005/04/20 17:12:26 bjorn
# Changes for Debian by Willi Mann
#
# Revision 1.18 2005/04/17 23:45:16 bjorn
# Bug fixes on Authentication Failure patch from Markus Lude and
# empty lognames and samba service names from Willi Mann
#
# Revision 1.17 2005/02/24 17:08:05 kirk
# Applying consolidated patches from Mike Tremaine
#
# Revision 1.9 2005/02/16 00:43:28 mgt
# Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
#
# Revision 1.8 2005/02/13 23:50:42 mgt
# Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
#
# Revision 1.7 2005/02/13 21:26:13 mgt
# patches from Michael Weiser -mgt
#
# Revision 1.6 2005/02/13 20:28:42 mgt
# More init corrections -mgt
#
# Revision 1.5 2004/10/11 18:37:15 mgt
# patches from Pawel -mgt
#
# Revision 1.4 2004/07/29 19:33:29 mgt
# Chmod and removed perl call -mgt
#
# Revision 1.3 2004/07/10 01:54:35 mgt
# sync with kirk -mgt
#
# Revision 1.14 2004/06/21 14:59:05 kirk
# Added tons of patches from "Paweł Gołaszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# "Paweł Gołaszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
#######################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution and the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
##########################################################################
# TO-DO
# We really should search for specific strings (authentication failure,
# bad username, check pass, password changed, session opened/closed,
# account expired, etc., using the service name as a variable in the hash,
# instead of having to add a test for every new service.
###########################################################################
use Logwatch ':sort';
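# Detail level requested through the environment; an unset or false value
# falls back to 0.  Several low-noise categories below are only recorded
# when this is >= 5 (>= 8 for samba session closes).
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

# $service - service name extracted from the syslog prefix of the current line
# $line    - current log line; rewritten in place into the report key
# %data    - $data{service}{category}{entry} = occurrence count
my ($service, $line, %data);

# Read syslog lines from STDIN, keep only PAM messages, and count them per
# service and category in %data.
#
# Security note: the user, ruser and rhost fields in these messages come from
# whoever attempted the login, and the rewritten line is used verbatim as a
# report key.  Treat every key in %data as untrusted text when it is rendered
# or forwarded.
while ($line = <STDIN>) {
   chomp $line;
   $service = $line;

   # Strip the syslog prefix from $line and reduce $service to the service
   # name, trying each known distribution format in turn.
   # NOTE(review): the host field is matched with a greedy ".+" in most of
   # these patterns, so the prefix is cut at the LAST tag-like substring in
   # the line.  Because later fields are client-supplied, the service name
   # and message can be misparsed for unusual values; "\S+" would be stricter
   # but needs checking against the supported syslog formats first.

   # for fedora and others
   if ($line =~ s/^... .. ..:..:.. .+ .+\(pam_unix\)\[\d+\]: //) {
      $service =~ s/^... .. ..:..:.. .+ (.+)\(pam_unix\)\[\d+\]: .*$/$1/;
   # new fedora (fc5) version
   } elsif ( $line =~ s/^... .. ..:..:.. .+ pam_unix\(.+:.+\): // ) {
      $service =~ s/^... .. ..:..:.. .+ pam_unix\((.+):.+\): .*$/$1/;
   # fedora with pam_sss
   } elsif ( $line =~ s/^... .. ..:..:.. .+ pam_sss\(.+:.+\): // ) {
      $service =~ s/^... .. ..:..:.. .+ pam_sss\((.+):.+\): .*$/$1/;
   # for debian sarge - "normal" lines
   } elsif ($line =~ s/^... .. ..:..:.. .+ [^ :]+: \(pam_unix\) //) {
      $service =~ s/^... .. ..:..:.. .+ ([^\s:\[\]]+)(?:\[[0-9]+\]|): \(pam_unix\) .*$/$1/;
   # for debian sarge - kdm - why can't they log in standard-compliant way?
   } elsif ( $line =~ s/^... .. ..:..:.. .+ [^\s:\[\]]+: [0-9:\[\]\.]+ \(pam_unix\) //) {
      $service =~ s/^... .. ..:..:.. .+ ([^\s:\[\]]+): [0-9:\[\]\.]+ \(pam_unix\) .*$/$1/;
   # for debian woody
   } elsif ( $line =~ s/^... .. ..:..:.. .+ PAM_unix\[\d+\]: \((.*?)\) // ) {
      $service =~ s/^... .. ..:..:.. .+ PAM_unix\[\d+\]: \(([^ ]*)\) .*/$1/;
   # for Ubuntu 7.10
   } elsif ( $line =~ s/^... .. ..:..:.. .+ \S+\[\d+\]: pam_unix_\S+\(.+:.+\): // ) {
      $service =~ s/^... .. ..:..:.. .+ \S+\[\d+\]: pam_unix_\S+\((.+):.+\): .*$/$1/;
   # for debian and others ?
   } elsif ($line =~ s/^... .. ..:..:.. \S+ \S+\[\d+\]: PAM //) {
      $service =~ s/^... .. ..:..:.. \S+ (\S+)\[\d+\]: PAM .*/$1/;
   } else {
      # Not a PAM line in any known format.
      next;
   }

   # handle password expiring globally
   if ($line =~ /^password for user (.+) will expire in (\d+) days/) {
      $data{"all"}{'Password Expiring'}{"$1 in $2 days"}++;
      next;
   }

   # lowercase the service
   $service = lc($service);

   if ( grep $_ eq $service, qw/ssh sshd login ftp vsftpd proftpd rsh remote rlogin rexec/) {
      if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ s/^session opened for user ([^ ]*) by ([^ ]*)\(uid=\d+\)/$1 by $2/) {
         $data{$service}{'Sessions Opened'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ s/^session opened for user (.+) by LOGIN\(uid=\d+\)/$1/) {
         # NOTE(review): the pattern above also matches "by LOGIN(uid=N)"
         # because [^ ]* accepts "LOGIN", so this branch looks unreachable and
         # LOGIN sessions are only recorded at detail >= 5.  Confirm the
         # intent before reordering.
         $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ /session closed for user/) {
         # ignore these lines
      } elsif ($line =~ /^service\(sshd\) ignoring max retries/) {
         # ignore these lines
      } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s*$/unknown ($1)/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^authentication failure; logname=(\S*) .*rhost=(\S*)\s+user=(\S*)$/($3 or $1)($2): /) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)\s+user=(\S*)$/$3 ($2)/) {
         # $1 still holds the repeat count captured by the substitution.
         $data{$service}{'Authentication Failures'}{$line} += $1;
      } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)\s*$/unknown ($2)/) {
         $data{$service}{'Authentication Failures'}{$line} += $1;
      } elsif ($line =~ /check pass; user unknown/) {
         $data{$service}{'Invalid Users'}{'Unknown Account'}++;
      } elsif ($line =~ s/^password changed for (.+)/$1(by sshd)/) {
         # Filed under the 'passwd' service and labelled "(by sshd)" for every
         # service in this group, not only sshd.
         $data{passwd}{'Password changed'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ s/^account (.+) has expired \(failed to change password\)$/$1/) {
         # The parentheses are escaped so the literal
         # "(failed to change password)" suffix is matched; unescaped they
         # formed a capture group and the bracketed message never matched,
         # which sent expired-account events to 'Unknown Entries'.
         $data{$service}{'Expired Accounts'}{$line}++;
      } elsif ($line =~ s/bad username \[(.*)\]/$1/) {
         $data{$service}{'Invalid Users'}{"Bad User: $line"}++;
      } elsif ($line =~ s/^authentication success; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
         $data{$service}{'Authentication Success'}{$line}++ if $Detail >= 5;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif (grep $_ eq $service, qw/su sudo su-l/) {
      if ( my ($logname, $uid, $ruser, $user) = ($line =~ /^authentication failure; logname=(\S*)\s+uid=(\d+) (?:.*ruser=(\S*)\s+)?.*user=(\S*)$/)) {
         $line = ($logname or $ruser)."($uid) -> $user";
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ /session closed for user/) {
         # ignore this line
      } elsif ($line =~ /conversation failed/) {
         # ignore this line. Another line will describe the reason.
      } elsif (my ($nam, $byid) = ($line =~ /session opened for user (.+) by (.+)$/)) {
         # resolve uid to name if possible
         my $onam;
         if ($byid =~ s/^\(uid=(\d+)\)$/$1/) {
            # "||" rather than "or": with "or" the assignment bound first, so
            # an unresolvable uid left $onam undefined instead of falling
            # back to the numeric uid.
            $onam = getpwuid($byid) || $byid;
         } elsif ($byid =~ s/^(\S+)\(uid=\d+\)$/$1/) {
            $onam = $byid;
         } else {
            $onam = $byid;
         }
         $data{$service}{'Sessions Opened'}{"$onam -> $nam"}++;
      } elsif ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
         $data{$service}{'Not Identify Password For'}{$line}++;
      } elsif ($line =~ /^account root has password changed in future/) {
         # I'm not sure whether this info could not be reported
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif (grep $_ eq $service, qw/passwd propassd/) {
      # NOTE(review): 'propassd' may be a misspelling of another service
      # name - confirm.  Other messages from these services are dropped
      # without being counted.
      if ($line =~ s/^password changed for (.+)/$1/) {
         $data{$service}{'Password changed'}{$line}++ if $Detail >= 5;
      }
   } elsif (grep $_ eq $service, qw/gdm gdm-password gdm-welcome kdm kcheckpass xdm imap dovecot cups/) {
      if ($line =~ s/^session opened for user (.+) by (?:\(unknown\))?\(uid=\d+\)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ s/^authentication failure;.* user=(.+)$/$1/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^authentication failure;.* ruser=(.+) rhost=.+$/$1/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ /check pass; user unknown/) {
         $data{$service}{'Invalid Users'}{'Unknown Account'}++;
      } elsif ($line =~ /session closed for user/) {
         # ignore this line
      } elsif ($line =~ s/^authentication success; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
         $data{$service}{'Authentication Success'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ /received for user.*Permission denied/) {
         # ignore this line - paired with authentication failure
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }

   } elsif (grep $_ eq $service, qw/spop3d pop/) {
      if ($line =~ s/^session opened for user (.+)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ /session closed for user/) {
         # ignore this line
      } elsif ($line =~ s/^authentication failure; .*user=(.+)$/$1/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^account (.+) has expired \(failed to change password\)$/$1/) {
         # Parentheses escaped to match the literal bracketed suffix.
         $data{$service}{'Expired Accounts'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'tpop3d') {
      if ($line =~ s/^authentication failure; .*rhost=(.+) user=(.+)$/$2 ($1)/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif (grep $_ eq $service, qw/pure-ftpd vsftpd/) {
      # NOTE(review): 'vsftpd' is also listed in the first service group,
      # which is tested earlier, so only 'pure-ftpd' appears to reach here.
      if ($line =~ s/^session opened for user (.+)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ s/^check pass; (.+)/$1/) {
         $data{$service}{'Password Failures'}{$line}++;
      } elsif ($line =~ s/^authentication failure; .*user=(.+)$/$1/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif (grep $_ eq $service, qw/xscreensaver gnome-screensaver kscreensaver/) {
      # Anything else from the screensavers is dropped without being counted.
      if ($line =~ s/^authentication failure; .*uid=(\d+) euid=(\d+) tty=(.+) ruser= rhost= user=(.+)$/$4($1,$2) on display $3/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      }
   } elsif ($service =~ /^(?:\/[\w\/]+\/|f)?crond?$/ ) {
      if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ /session closed for user/) {
         # ignore this line
      } elsif ($line =~ /^account root has password changed in future/) {
         # I'm not sure whether this info could not be reported
      } elsif ($line =~ /^adding faulty module: (.+)/) {
         $data{$service}{'Faulty modules'}{$1}++;
      } elsif ($line =~ /^unable to dlopen\(.+\): (.+)$/) {
         $data{$service}{'Unable to dlopen'}{$1}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'cyrus') {
      if ($line =~ /check pass; user unknown/) {
         $data{$service}{'Invalid Users'}{'Unknown Account'}++;
      } elsif ($line =~ /authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/) {
         # ignore this line
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif (grep $_ eq $service, qw/samba smbd/) {
      if ($line =~ s/^session opened for user (\S+) by (.+)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++ if $Detail >= 5;
      } elsif ($line =~ s/^session closed for user (.+)/$1/) {
         $data{$service}{'Sessions Closed'}{$line}++ if $Detail >= 8;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif (grep $_ eq $service, qw/runuser runuser-l/) {
      if ($line =~/^session (opened)?(\/)?(closed)? for user [\w\.\-]+/) {
         # ignore session open/close lines
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'atd') {
      if ($line =~/^session (opened)?(\/)?(closed)? for user [\w\.\-]+/) {
         # ignore session open/close lines
      } elsif ($line =~ /^account root has password changed in future/) {
         # I'm not sure whether this info could not be reported
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'system-config-date') {
      if ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
         $data{$service}{'Not Identify Password For'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'smtp') {
      if ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+).*user=(\S*)$/$1($2) -> $3/) {
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ /authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/) {
         # ignore this line
      } elsif ($line =~ /check pass; user unknown/) {
         $data{$service}{'Invalid Users'}{'Unknown Account'}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } else {
      # Service without a dedicated group: keep the message so it is visible.
      $data{$service}{'Unknown Entries'}{$line}++;
   }
}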
# Print the collected counts as a three-level report: service, then
# category, then one line per entry with its count.  Services and categories
# are listed in string order; entries use the comparator returned by
# CountOrder (imported from the Logwatch module - presumably ordering by
# count, confirm there).
# The entry text is derived from log fields and is printed as-is, so whatever
# renders this report should treat it as untrusted text.
for my $svc_name (sort keys %data) {
   my $categories = $data{$svc_name};
   print "$svc_name:\n";

   for my $category (sort keys %{$categories}) {
      my $counts = $categories->{$category};
      print " $category:\n";

      my $by_count = CountOrder(%{$counts});
      for my $item (sort $by_count keys %{$counts}) {
         print " $item: $counts->{$item} Time(s)\n";
      }
   }

   print "\n";
}

exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: