xref: /dragonfly/etc/periodic/security/800.loginfail (revision 27d10e5a9856b99bbe98c632eccdfb9e796ab790)
1#!/bin/sh -
2#
3# Copyright (c) 2001  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/periodic/security/800.loginfail 262273 2014-02-20 23:43:49Z brueffer $
28#
29
30# Show login failures
31#
32
33# If there is a global system configuration file, suck it in.
34#
35if [ -r /etc/defaults/periodic.conf ]
36then
37    . /etc/defaults/periodic.conf
38    source_periodic_confs
39fi
40
41security_daily_compat_var security_status_logdir
42security_daily_compat_var security_status_loginfail_enable
43
44LOG="${security_status_logdir}"
45
46yesterday=`date -v-1d "+%b %e "`
47
48catmsgs() {
49          find ${LOG} -name 'auth.log.*' -mtime -2 |
50              sort -t. -r -n -k 2,2 |
51              while read f
52              do
53                    case $f in
54                        *.gz) zcat -f $f;;
55                        *.bz2)          bzcat -f $f;;
56                        *.xz) xzcat -f $f;;
57                        *.zst)          zstdcat $f;;
58                    esac
59              done
60          [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
61}
62
63rc=0
64
65if check_yesno_period security_status_loginfail_enable
66then
67          echo ""
68          echo "${host} login failures:"
69          n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
70              tee /dev/stderr | wc -l)
71          [ $n -gt 0 ] && rc=1 || rc=0
72fi
73
74exit $rc
75