Bug 389311 - Logwatch pam_unix summary counts "Password Failure" for beaglidx incorrectly
Summary: Logwatch pam_unix summary counts "Password Failure" for beaglidx incorrectly
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 8
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-11-18 12:29 UTC by pigetak178
Modified: 2007-12-20 19:55 UTC

Fixed In Version: 7.3.4-9.fc7
Doc Type: Bug Fix
Last Closed: 2007-12-20 19:51:38 UTC
Type: ---

Description pigetak178 2007-11-18 12:29:48 UTC
How reproducible:

Every morning I get a log file that says:

--------------------- pam_unix Begin ------------------------ 

 runuser:
    Password Failures:
       beaglidx: 2 Time(s)
    Sessions Opened:
       beaglidx by (uid=0): 2 Time(s)
 
 
---------------------- pam_unix End ------------------------- 

When beaglidx seems to run normally every day (or abnormally as I have it turned
off.)  But logwatch summarizes what is seemingly a normal exit as failure:

/usr/share/logwatch/scripts/services/pam_unix

   } elsif (($service eq 'runuser') or ($service eq 'runuser-l')){
      if ($line =~ s/^session opened for user (.+)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ s/^session closed for user (.+)/$1/) {
         $data{$service}{'Password Failures'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }

When I run beaglidx by hand via runuser:

/home/dmobrien: /sbin/runuser -s /bin/bash beaglidx -c 'id -a'
uid=58(beaglidx) gid=58(beaglidx) groups=58(beaglidx) context=system_u:system_r:unconfined_t

It runs fine and the output in the /var/log/secure log file says:

/var/log: tail -f secure

Nov 18 07:27:21 yorky sudo: dmobrien : TTY=pts/2 ; PWD=/home/dmobrien ; USER=root ; COMMAND=/usr/bin/ksh
Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for user beaglidx by dmobrien(uid=0)
Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for user beaglidx

So how is this a "password failure"?


Comment 1 Nicola Soranzo 2007-11-19 13:42:16 UTC
I have the same for postgres. In the logwatch email:

--------------------- pam_unix Begin ------------------------ 

 runuser-l:
    Password Failures:
       postgres: 1 Time(s)
    Sessions Opened:
       postgres by (uid=0): 1 Time(s)
 
 
 ---------------------- pam_unix End -------------------------

And in /var/log/secure :

secure-20071119:Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session): session opened for user postgres by (uid=0)
secure-20071119:Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session): session closed for user postgres


Comment 2 Ivana Varekova 2007-11-22 12:22:15 UTC
Thanks. Fixed in logwatch-7.3.6-12.fc8
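
The miscount discussed in this bug, as an added example that is neither logwatch's own code nor the shipped fix: the sketch below runs the runuser log lines quoted in this report through the branch as reported and through a corrected one. The summarize and report helpers and the 'Sessions Closed' bucket name are assumptions made for illustration.

```perl
use strict;
use warnings;

# Sample input: the runuser lines quoted in the description and in comment 1
# (rejoined onto one line each, grep file prefix dropped).
my @log = (
    'Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for user beaglidx by dmobrien(uid=0)',
    'Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for user beaglidx',
    'Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session): session opened for user postgres by (uid=0)',
    'Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session): session closed for user postgres',
);

# Classify each line; $closed_bucket is the category (hypothetical parameter)
# that a "session closed" line is counted under.
sub summarize {
    my ($closed_bucket, @lines) = @_;
    my %data;
    for my $entry (@lines) {
        # Extract the PAM service name and the message after the pam_unix tag.
        my ($service, $line) = $entry =~ /pam_unix\(([^:)]+):session\):\s+(.*)$/
            or next;
        next unless $service eq 'runuser' or $service eq 'runuser-l';
        if ($line =~ s/^session opened for user (.+)/$1/) {
            $data{$service}{'Sessions Opened'}{$line}++;
        } elsif ($line =~ s/^session closed for user (.+)/$1/) {
            $data{$service}{$closed_bucket}{$line}++;
        } else {
            $data{$service}{'Unknown Entries'}{$line}++;
        }
    }
    return \%data;
}

# Print a summary in roughly the layout of the logwatch pam_unix section.
sub report {
    my ($title, $data) = @_;
    print "== $title ==\n";
    for my $service (sort keys %$data) {
        print " $service:\n";
        for my $bucket (sort keys %{ $data->{$service} }) {
            print "    $bucket:\n";
            printf "       %s: %d Time(s)\n", $_, $data->{$service}{$bucket}{$_}
                for sort keys %{ $data->{$service}{$bucket} };
        }
    }
}

report('as reported', summarize('Password Failures', @log));  # clean exits show up as failures
report('corrected',   summarize('Sessions Closed',   @log));  # assumed bucket name
```

With the reported branch, every clean runuser exit lands under "Password Failures", which is the false alarm both reporters saw in their daily mail.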

Comment 3 Fedora Update System 2007-11-26 18:39:53 UTC
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logwatch'

Comment 4 Fedora Update System 2007-11-26 18:40:24 UTC
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logwatch'

Comment 5 Fedora Update System 2007-12-20 19:51:36 UTC
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2007-12-20 19:55:54 UTC
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

