Bug 389311

Summary: Logwatch pam_unix summary counts "Password Failure" for beaglidx incorrectly
Product: [Fedora] Fedora
Reporter: Dan O'Brien <dmobrien_2001>
Component: logwatch
Assignee: Ivana Varekova <varekova>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 8
CC: nsoranzo, pcfe
Hardware: All
OS: Linux
Fixed In Version: 7.3.4-9.fc7
Doc Type: Bug Fix
Last Closed: 2007-12-20 19:51:38 UTC

Description Dan O'Brien 2007-11-18 12:29:48 UTC
How reproducible:

Every morning I get a log file that says:

--------------------- pam_unix Begin ------------------------ 

 runuser:
    Password Failures:
       beaglidx: 2 Time(s)
    Sessions Opened:
       beaglidx by (uid=0): 2 Time(s)
 
 
---------------------- pam_unix End ------------------------- 

When beaglidx seems to run normally every day (or abnormally as I have it turned
off.)  But logwatch summarizes what is seemingly a normal exit as failure:

/usr/share/logwatch/scripts/services/pam_unix

   } elsif (($service eq 'runuser') or ($service eq 'runuser-l')){
      if ($line =~ s/^session opened for user (.+)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ s/^session closed for user (.+)/$1/) {
         $data{$service}{'Password Failures'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }

When I run beaglidx by hand via runuser:

/home/dmobrien: /sbin/runuser -s /bin/bash beaglidx -c 'id -a'
uid=58(beaglidx) gid=58(beaglidx) groups=58(beaglidx) context=system_u:system_r:unconfined_t

It runs fine and the output in the /var/log/secure log file says:

/var/log: tail -f secure

Nov 18 07:27:21 yorky sudo: dmobrien : TTY=pts/2 ; PWD=/home/dmobrien ; USER=root ; COMMAND=/usr/bin/ksh
Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for user beaglidx by dmobrien(uid=0)
Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for user beaglidx

So how is this a "password failure"?

Comment 1 Nicola Soranzo 2007-11-19 13:42:16 UTC
I have the same for postgres. In the logwatch email:

--------------------- pam_unix Begin ------------------------ 

 runuser-l:
    Password Failures:
       postgres: 1 Time(s)
    Sessions Opened:
       postgres by (uid=0): 1 Time(s)
 
 
 ---------------------- pam_unix End -------------------------

And in /var/log/secure :

secure-20071119:Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session): session opened for user postgres by (uid=0)
secure-20071119:Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session): session closed for user postgres

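The misclassification reported in the description and in Comment 1, reproduced as an added example that is neither logwatch's own script nor the shipped fix: it runs the quoted branch and a variant over the session lines from this report. The `summarize` helper, the syslog-splitting regex and the 'Sessions Closed' heading are assumptions made for illustration.

```perl
# Added example, not logwatch code: tally runuser pam_unix session lines.
use strict;
use warnings;

# Session lines taken from this report, with the wrapped lines rejoined.
my @lines = (
    'Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for user beaglidx by dmobrien(uid=0)',
    'Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for user beaglidx',
    'Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session): session opened for user postgres by (uid=0)',
    'Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session): session closed for user postgres',
);

# $fixed = 0 keeps the branch quoted in the report; $fixed = 1 files
# "session closed" under a hypothetical 'Sessions Closed' heading instead.
sub summarize {
    my ($fixed, @log) = @_;
    my %data;
    for my $entry (@log) {
        # Split "pam_unix(<service>:<type>): <message>" out of the syslog line.
        next unless $entry =~ /pam_unix\(([^:)]+):[^)]*\):\s+(.*)$/;
        my ($service, $line) = ($1, $2);
        next unless ($service eq 'runuser') || ($service eq 'runuser-l');
        if ($line =~ s/^session opened for user (.+)/$1/) {
            $data{$service}{'Sessions Opened'}{$line}++;
        } elsif ($line =~ s/^session closed for user (.+)/$1/) {
            my $heading = $fixed ? 'Sessions Closed' : 'Password Failures';
            $data{$service}{$heading}{$line}++;
        } else {
            $data{$service}{'Unknown Entries'}{$line}++;
        }
    }
    return \%data;
}

for my $fixed (0, 1) {
    my $data = summarize($fixed, @lines);
    print "-- ", ($fixed ? 'corrected heading' : 'branch as quoted'), " --\n";
    for my $service (sort keys %$data) {
        print " $service:\n";
        for my $heading (sort keys %{ $data->{$service} }) {
            print "    $heading:\n";
            for my $who (sort keys %{ $data->{$service}{$heading} }) {
                print "       $who: $data->{$service}{$heading}{$who} Time(s)\n";
            }
        }
    }
}
```

With the quoted branch, every clean open/close pair produces one "Password Failures" entry, which is why the daily summary shows a failure count equal to the number of sessions opened.
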

Comment 2 Ivana Varekova 2007-11-22 12:22:15 UTC
Thanks. Fixed in logwatch-7.3.6-12.fc8

Comment 3 Fedora Update System 2007-11-26 18:39:53 UTC
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logwatch'

Comment 4 Fedora Update System 2007-11-26 18:40:24 UTC
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logwatch'

Comment 5 Fedora Update System 2007-12-20 19:51:36 UTC
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2007-12-20 19:55:54 UTC
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.