[PATCH] logwatch-secure.patch.patch
Michal Kochanowicz
michal w michal.waw.pl
Wto, 8 Cze 2004, 23:39:05 CEST
Hej,
załączony patch dodaje obsługę komunikatów checkpassword-pam: podaje
podsumowanie ilości udanych i nieudanych prób autentykacji z podziałem
na użytkowników i usługi.
--
--= Michal Kochanowicz =--==--==BOFH==--==--= michal w michal.waw.pl =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
A chodzenie po górach SSIE!!!
-------------- następna część ---------
Index: logwatch-secure.patch
===================================================================
RCS file: /cvsroot/SOURCES/logwatch-secure.patch,v
retrieving revision 1.12
diff -u -r1.12 logwatch-secure.patch
--- logwatch-secure.patch 20 May 2004 07:20:57 -0000 1.12
+++ logwatch-secure.patch 8 Jun 2004 21:34:12 -0000
@@ -77,7 +77,7 @@
push @RemoveFromGroup, " user $1 from group $3\n";
# This is an inetd lookup... $1 is the service (i.e. ftp), $2 is the response
# I don't think these are important to log at this time
-@@ -141,8 +163,18 @@
+@@ -141,8 +163,33 @@
$Refused->{$service}->{$from}++;
} elsif ( ($User) = ($ThisLine =~ /^chage\[\d+\]: changed password expiry for ([^ ]+)/)) {
$PasswordExpiry{$User}++;
@@ -94,10 +94,25 @@
+ $UidChange{"$User: $From -> $To"}++;
+ } elsif ( ($User,$From,$To) = ($ThisLine =~ /^usermod\[\d+\]: change user `(.*)' GID from `(.*)' to `(.*)'/)) {
+ $GidChange{"$User: $From -> $To"}++;
++ # checkpassword-pam
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Reading username and password/)) {
++ } elsif ( ($PID,$Username) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Username '([^']+)'/)) {
++ $ChkPasswdPam{$PID}{'Username'} = $Username;
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Password read successfully/)) {
++ } elsif ( ($PID,$Service) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Initializing PAM library using service name '([^']+)'/)) {
++ $ChkPasswdPam{$PID}{'Service'} = $Service;
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Pam library initialization succeeded/)) {
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: conversation\(\): msg\[0\], style PAM_PROMPT_ECHO_OFF, msg = "Password: "/)) {
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Authentication passed/)) {
++ $ChkPasswdPam{$PID}{'Success'} = 'true';
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Account management succeeded/)) {
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Setting PAM credentials succeeded/)) {
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Terminating PAM library/)) {
++ } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Exiting with status 0/)) {
} else {
# Unmatched entries...
push @OtherList, "$ThisLine\n";
-@@ -164,14 +196,21 @@
+@@ -164,14 +211,21 @@
}
if (@DeletedGroups) {
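Review bot: The per-session state in `%ChkPasswdPam` is keyed by PID alone and never cleared, so if a PID is reused within the log range the later session overwrites Username/Service and inherits an earlier `'Success' = 'true'`; a failed login could then be tallied as a success, and the earlier attempt is lost. The `Reading username and password` branch, currently empty, is the natural place to close out any previous record, e.g. `push @ChkPasswdPamDone, delete $ChkPasswdPam{$PID} if exists $ChkPasswdPam{$PID};`, with the report loop in the last hunk walking that list as well as the remaining hash values. Only `Exiting with status 0` is matched among the exit lines, so other exit statuses presumably land in Unmatched Entries; a one-line comment saying this is intentional would help. The if/elsif chain these branches join begins and ends outside the hunk.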
@@ -122,7 +137,7 @@
print " $User\n";
}
}
-@@ -181,6 +220,31 @@
+@@ -181,6 +235,31 @@
print "\nRemoved From Group:\n w RemoveFromGroup\n";
}
@@ -154,7 +169,7 @@
if (keys %{$Connections}) {
print "\nConnections:\n";
foreach $ThisOne (keys %{$Connections}) {
-@@ -225,13 +289,23 @@
+@@ -225,13 +304,23 @@
}
}
@@ -180,7 +195,7 @@
if (keys %Error) {
print "\nErrors:\n";
foreach $Service (sort {$a cmp $b} keys %Error) {
-@@ -264,6 +338,35 @@
+@@ -264,11 +353,57 @@
}
}
@@ -216,3 +231,25 @@
if ($#SudoList >= 0) {
print "\nUnauthorized sudo commands attempted (" . ($#SudoList + 1) . "):\n";
print @SudoList;
+ }
+
++if (keys %ChkPasswdPam) {
++ print "\ncheckpassword-pam (SUID root PAM client):\n";
++ foreach $PID (sort {$a cmp $b} keys %ChkPasswdPam) {
++ $ServiceUsernamePair = $ChkPasswdPam{$PID}{'Username'}.' => '.$ChkPasswdPam{$PID}{'Service'};
++ if ($ChkPasswdPam{$PID}{'Success'} eq 'true') {
++ $Successes{$ServiceUsernamePair}++;
++ } else {
++ $Failures{$ServiceUsernamePair}++;
++ }
++ }
++ foreach $ServiceUsernamePair (sort {$a cmp $b} keys %Successes) {
++ $S = $Successes{$ServiceUsernamePair} ? $Successes{$ServiceUsernamePair} : 0;
++ $F = $Failures{$ServiceUsernamePair} ? $Failures{$ServiceUsernamePair} : 0;
++ print " $ServiceUsernamePair : $S success(es), $F failure(s)\n";
++ }
++}
++
+ if ($#OtherList >= 0) {
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
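Review bot: The summary loop `foreach $ServiceUsernamePair (sort {$a cmp $b} keys %Successes)` walks only `%Successes`, so a user/service pair with failures but no success is never printed, and repeated failed logins against one account are exactly what this report should surface. Iterate over the union of both hashes instead, e.g. `foreach $ServiceUsernamePair (sort keys %{ +{ %Failures, %Successes } }) {`. In the first loop, `$ChkPasswdPam{$PID}{'Success'} eq 'true'` compares an undefined value for every session that did not pass, and a record missing Username or Service concatenates undef into the key; a `defined` check or an `|| 'unknown'` default would keep the output clean under warnings. The variable is named `$ServiceUsernamePair` but is built as username => service, which is worth aligning.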