--- logwatch-7.3.4/scripts/services/pam_unix.pom 2006-12-20 16:46:45.000000000 +0100
+++ logwatch-7.3.4/scripts/services/pam_unix 2007-03-08 14:55:17.000000000 +0100
@@ -1,17 +1,8 @@
use strict;
##########################################################################
-# $Id: pam_unix,v 1.29 2006/12/20 15:46:45 bjorn Exp $
+# $Id: pam_unix,v 1.26 2006/01/20 22:31:04 bjorn Exp $
##########################################################################
# $Log: pam_unix,v $
-# Revision 1.29 2006/12/20 15:46:45 bjorn
-# Additional filtering by Ivana Varekova.
-#
-# Revision 1.28 2006/10/20 16:41:38 bjorn
-# Resolve uids, and better capture of authentication failure, by Willi Mann.
-#
-# Revision 1.27 2006/09/15 15:40:58 bjorn
-# Additional filtering by Ivana Varekova.
-#
# Revision 1.26 2006/01/20 22:31:04 bjorn
# Handle new pam_unix format, by Ivana Varekova.
#
@@ -152,18 +143,13 @@
$data{$service}{'Unknown Entries'}{$line}++;
}
} elsif (($service eq 'su') or ($service eq 'sudo') or ($service eq 'su-l')) {
- if ( my ($logname, $uid, $ruser, $user) = ($line =~ /^authentication failure; logname=(\S*)\s+uid=(\d+) (?:.*ruser=(\S*)\s+)?.*user=(\S*)$/)) {
- $line = ($logname or $ruser)."($uid) -> $user";
+ if ($line =~ s/^authentication failure; logname=(.*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
$data{$service}{'Authentication Failures'}{$line}++;
} elsif ($line =~ /session closed for user/) {
# ignore this line
- } elsif (my ($nam, $byid) = ($line =~ /session opened for user (.+) by (.+)$/)) {
- #resolve uid to name if possible
- $byid =~ s/\(uid=(\d+)\)/$1/;
- my $onam = getpwuid($byid) or $byid;
- $data{$service}{'Sessions Opened'}{"$onam -> $nam"}++;
- } elsif ($line =~ /^account root has password changed in future/) {
- #I'm not sure whether this info could not be reported
+ } elsif ($line =~ s/session opened for user (.+) by (.+)$/$2 -> $1/) {
+ $data{$service}{'Sessions Opened'}{$line}++;
+ } elsif ($line =~ /account (.+) has password changed in future/) {
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}
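Review bot: The new authentication-failure substitution captures `logname` with a greedy `(.*)` and no longer falls back to `ruser`, so when `logname=` is empty the report key becomes `(uid) -> user` with no originating account. A greedy capture could also absorb neighbouring fields into the name if a field value ever contains ` uid=`. Constraining the capture to one token keeps the key predictable: `if ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {`. The `Sessions Opened` branch now also stores the raw `by` text (apparently `(uid=N)`, going by the removed lines) rather than a resolved name, which makes the su/sudo section slower to triage. The enclosing if/elsif chain starts and ends outside this hunk.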
@@ -244,13 +230,12 @@
if ($line =~ s/^authentication failure; .*uid=(\d+) euid=(\d+) tty=(.+) ruser= rhost= user=(.+)$/$4($1,$2) on display $3/) {
$data{$service}{'Authentication Failures'}{$line}++;
}
- } elsif ($service =~ /^(f)?crond?$/ ) {
+ } elsif ($service =~ /^crond?$/ ) {
if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
} elsif ($line =~ /session closed for user/) {
# ignore this line
- } elsif ($line =~ /^account root has password changed in future/) {
- #I'm not sure whether this info could not be reported
+ } elsif ($line =~ /account (.+) has password changed in future/) {
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}
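Review bot: The `password changed in future` branch is now unanchored, matches any account through an unused `(.+)` capture, and has an empty body, so any line for this service containing that phrase is silently dropped from the report. The same branch appears in the su/sudo hunk and the atd hunk. Parts of a PAM message, such as the user name, can come from whoever attempted the login, so an anchored pattern with a stated intent is safer: `} elsif ($line =~ /^account \S+ has password changed in future/) {` followed by `# ignore this line`. If a password age in the future matters to the operator (it usually points to clock problems), counting it under its own heading would be better than discarding it. The chain this branch belongs to continues outside the hunk.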
@@ -270,25 +255,24 @@
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}
- } elsif ($service eq 'runuser') {
- if ($line =~/^session (opened)?(\/)?(closed)? for user [a-zA-Z\d]+/) {
- } else {
- $data{$service}{'Unknown Entries'}{$line}++;
- }
} elsif ($service eq 'atd') {
- if ($line =~/^session (opened)?(\/)?(closed)? for user [a-zA-Z\d]+/) {
- } elsif ($line =~ /^account root has password changed in future/) {
- #I'm not sure whether this info could not be reported
- } else {
- $data{$service}{'Unknown Entries'}{$line}++;
- }
- } elsif ($service eq 'system-config-date') {
- if ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
- $data{$service}{'Not Identify Password For'}{$line}++;
- } else {
+ if ($line =~ s/^session opened for user (.+)/$1/) {
+ $data{$service}{'Sessions Opened'}{$line}++;
+ } elsif ($line =~ s/^session closed for user (.+)/$1/) {
+ $data{$service}{'Password Failures'}{$line}++;
+ } elsif ($line =~ /account (.+) has password changed in future/) {
+ } else {
$data{$service}{'Unknown Entries'}{$line}++;
- }
- } else {
+ }
+ } elsif ($service eq 'runuser') {
+ if ($line =~ s/^session opened for user (.+)/$1/) {
+ $data{$service}{'Sessions Opened'}{$line}++;
+ } elsif ($line =~ s/^session closed for user (.+)/$1/) {
+ $data{$service}{'Password Failures'}{$line}++;
+ } else {
+ $data{$service}{'Unknown Entries'}{$line}++;
+ }
+ } else {
$data{$service}{'Unknown Entries'}{$line}++;
}
}
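Review bot: In both the `atd` and `runuser` branches a `session closed for user` line is counted under `'Password Failures'`, so every normally closed session is reported as a failed password. That inflates the failure section with false positives and can bury real authentication failures. The other services in this file ignore session-close lines, and the same treatment fits here: `} elsif ($line =~ /^session closed for user /) {` followed by `# ignore this line`. The `(.+)` in the `session opened` substitutions also keeps everything after the user name, so if these lines carry a `by (uid=N)` suffix the `Sessions Opened` keys would include it; `(\S+)` would limit the key to the account name. The surrounding if/elsif chain begins outside this hunk.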