Bug 389311
| Summary: | Logwatch pam_unix summary counts "Password Failure" for beaglidx incorrectly | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | pigetak178 |
| Component: | logwatch | Assignee: | Ivana Varekova <varekova> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8 | CC: | nsoranzo, pcfe |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 7.3.4-9.fc7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-12-20 19:51:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I have the same for postgres. In the logwatch email:
--------------------- pam_unix Begin ------------------------
runuser-l:
Password Failures:
postgres: 1 Time(s)
Sessions Opened:
postgres by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
And in /var/log/secure :
secure-20071119:Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session):
session opened for user postgres by (uid=0)
secure-20071119:Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session):
session closed for user postgres
Thanks. Fixed in logwatch-7.3.6-12.fc8 logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch' logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch' logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: Version-Release number of selected component (if applicable): How reproducible: Every morning I get a log file that says: --------------------- pam_unix Begin ------------------------ runuser: Password Failures: beaglidx: 2 Time(s) Sessions Opened: beaglidx by (uid=0): 2 Time(s) ---------------------- pam_unix End ------------------------- When beaglidx seems to run normally every day (or abnormally as I have it turned off.) But logwatch summarizes what is seemingly a normal exit as failure: /usr/share/logwatch/scripts/services/pam_unix 268 } elsif (($service eq 'runuser') or ($service eq 'runuser-l')){ 269 if ($line =~ s/^session opened for user (.+)/$1/) { 270 $data{$service}{'Sessions Opened'}{$line}++; 271 } elsif ($line =~ s/^session closed for user (.+)/$1/) { 272 $data{$service}{'Password Failures'}{$line}++; 273 } else { 274 $data{$service}{'Unknown Entries'}{$line}++; 275 } When I run beaglidx by hand via runuser: /home/dmobrien: /sbin/runuser -s /bin/bash beaglidx -c 'id -a' uid=58(beaglidx) gid=58(beaglidx) groups=58(beaglidx) context=system_u:system_r:unconfined_t It runs fine and the output in the /var/log/secure log file says: /var/log: tail -f secure Nov 18 07:27:21 yorky sudo: dmobrien : TTY=pts/2 ; PWD=/home/dmobrien ; USER=root ; COMMAND=/usr/bin/ksh Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for user beaglidx by dmobrien(uid=0) Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for user beaglidx So how is this a "password failure"? Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: