Bug 389311 - Logwatch pam_unix summary counts "Password Failure" for beaglidx incorrectly
Logwatch pam_unix summary counts "Password Failure" for beaglidx incorrectly
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: logwatch (Show other bugs)
8
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-18 07:29 EST by Dan O'Brien
Modified: 2007-12-20 14:55 EST (History)
2 users (show)

See Also:
Fixed In Version: 7.3.4-9.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-20 14:51:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dan O'Brien 2007-11-18 07:29:48 EST
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:

Every morning I get a log file that says:

--------------------- pam_unix Begin ------------------------ 

 runuser:
    Password Failures:
       beaglidx: 2 Time(s)
    Sessions Opened:
       beaglidx by (uid=0): 2 Time(s)
 
 
---------------------- pam_unix End ------------------------- 

When beaglidx seems to run normally every day (or abnormally as I have it turned
off.)  But logwatch summarizes what is seemingly a normal exit as failure:

/usr/share/logwatch/scripts/services/pam_unix

268    } elsif (($service eq 'runuser') or ($service eq 'runuser-l')){
269       if ($line =~ s/^session opened for user (.+)/$1/) {
270          $data{$service}{'Sessions Opened'}{$line}++;
271       } elsif ($line =~ s/^session closed for user (.+)/$1/) {
272          $data{$service}{'Password Failures'}{$line}++;
273       } else {
274            $data{$service}{'Unknown Entries'}{$line}++;                         
275       }

When I run beaglidx by hand via runuser:

/home/dmobrien: /sbin/runuser -s /bin/bash beaglidx -c 'id -a' 
uid=58(beaglidx) gid=58(beaglidx) groups=58(beaglidx)
context=system_u:system_r:unconfined_t

It runs fine and the output in the /var/log/secure log file says:

/var/log: tail -f secure

Nov 18 07:27:21 yorky sudo: dmobrien : TTY=pts/2 ; PWD=/home/dmobrien ;
USER=root ; COMMAND=/usr/bin/ksh
Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for
user beaglidx by dmobrien(uid=0)
Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for
user beaglidx

So how is this a "password failure"?

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Nicola Soranzo 2007-11-19 08:42:16 EST
I have the same for postgres. In the logwatch email:

--------------------- pam_unix Begin ------------------------ 

 runuser-l:
    Password Failures:
       postgres: 1 Time(s)
    Sessions Opened:
       postgres by (uid=0): 1 Time(s)
 
 
 ---------------------- pam_unix End -------------------------

And in /var/log/secure :

secure-20071119:Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session):
session opened for user postgres by (uid=0)
secure-20071119:Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session):
session closed for user postgres
Comment 2 Ivana Varekova 2007-11-22 07:22:15 EST
Thanks. Fixed in logwatch-7.3.6-12.fc8
Comment 3 Fedora Update System 2007-11-26 13:39:53 EST
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logwatch'
Comment 4 Fedora Update System 2007-11-26 13:40:24 EST
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logwatch'
Comment 5 Fedora Update System 2007-12-20 14:51:36 EST
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2007-12-20 14:55:54 EST
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.