From cdc00a3b731673880b40e11d3635983d4163c109 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Thu, 30 Oct 2014 12:52:12 +0100 Subject: typo + whitespace + log failed login attempts with syslog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- info/cerberus-logging.texinfo | 4 ++-- src/log-login-audit.c | 2 +- src/log-login-syslog.c | 35 ++++++++++++++++++++++++----------- src/logging | 3 ++- 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/info/cerberus-logging.texinfo b/info/cerberus-logging.texinfo index 68cec12..2ae515b 100644 --- a/info/cerberus-logging.texinfo +++ b/info/cerberus-logging.texinfo @@ -83,11 +83,11 @@ Log failed login attempt with the btmp system. @item log-login-utmp Log successful login with the utmp/wtmp system. @item log-login-audit -Log successful or failed login attemp with the audit system. +Log successful or failed login attempt with the audit system. @item log-login-lastlog Log successful login with the lastlog system. @item log-login-syslog -Log successful login with syslog. +Log successful or failed login attempt with syslog. @end table Upon a successful login, before the login takes place, diff --git a/src/log-login-audit.c b/src/log-login-audit.c index 2ddda77..67eae3f 100644 --- a/src/log-login-audit.c +++ b/src/log-login-audit.c @@ -28,7 +28,7 @@ int do_log(void) if ((!streq(action, "failed")) && (!streq(action, "login"))) return 0; - + status = streq(action, "login"); if (pwd = getpwnam(username), pwd == NULL) return -1; diff --git a/src/log-login-syslog.c b/src/log-login-syslog.c index c89c629..1c8567b 100644 --- a/src/log-login-syslog.c +++ b/src/log-login-syslog.c @@ -27,23 +27,36 @@ int do_log(void) struct passwd* pwd; const char* prefix; const char* affix; + int status; - if (!streq(action, "login")) + if ((!streq(action, "failed")) && (!streq(action, "login"))) return 0; + status = streq(action, "login"); + if (pwd = getpwnam(username), pwd == NULL) return -1; openlog("log-login-syslog", LOG_ODELAY, LOG_AUTHPRIV); - - if (strstr(ttyname, "ttyS") == ttyname) - syslog(LOG_INFO, "DIALUP AT %s BY %s", ttyname, username); - - prefix = pwd->pw_uid ? "" : "ROOT "; - affix = hostname ? " FROM " : ""; - hostname = hostname ? hostname : empty; - - syslog(pwd->pw_uid ? LOG_INFO : LOG_NOTICE, "%sLOGIN ON %s BY %s%s%s", - prefix, ttyname, username, affix, hostname); + + if (status) + { + if (strstr(ttyname, "ttyS") == ttyname) + syslog(LOG_INFO, "DIALUP AT %s BY %s", ttyname, username); + + prefix = pwd->pw_uid ? "" : "ROOT "; + affix = hostname ? " FROM " : ""; + hostname = hostname ? hostname : empty; + + syslog(pwd->pw_uid ? LOG_INFO : LOG_NOTICE, "%sLOGIN ON %s BY %s%s%s", + prefix, ttyname, username, affix, hostname); + } + else + { + affix = hostname ? " FROM " : ""; + + syslog(LOG_NOTICE, "FAILED LOGIN SESSION%s%s FOR %s ON %s", + affix, hostname, username, ttyname); + } closelog(); return 0; diff --git a/src/logging b/src/logging index c1ca78e..63287d5 100755 --- a/src/logging +++ b/src/logging @@ -104,12 +104,13 @@ log_denied () { try log-login-btmp "$@" try log-login-audit "$@" + try log-login-syslog "$@" } # Figure out the actionname action="${hook}" if [ "${hook}" = denied ]; then - action=fail + action=failed fi # Preprend options to values -- cgit v1.2.3-70-g09d2