Description of problem: Version-Release number of selected component (if applicable): How reproducible: Every morning I get a log file that says: --------------------- pam_unix Begin ------------------------ runuser: Password Failures: beaglidx: 2 Time(s) Sessions Opened: beaglidx by (uid=0): 2 Time(s) ---------------------- pam_unix End ------------------------- When beaglidx seems to run normally every day (or abnormally as I have it turned off.) But logwatch summarizes what is seemingly a normal exit as failure: /usr/share/logwatch/scripts/services/pam_unix 268 } elsif (($service eq 'runuser') or ($service eq 'runuser-l')){ 269 if ($line =~ s/^session opened for user (.+)/$1/) { 270 $data{$service}{'Sessions Opened'}{$line}++; 271 } elsif ($line =~ s/^session closed for user (.+)/$1/) { 272 $data{$service}{'Password Failures'}{$line}++; 273 } else { 274 $data{$service}{'Unknown Entries'}{$line}++; 275 } When I run beaglidx by hand via runuser: /home/dmobrien: /sbin/runuser -s /bin/bash beaglidx -c 'id -a' uid=58(beaglidx) gid=58(beaglidx) groups=58(beaglidx) context=system_u:system_r:unconfined_t It runs fine and the output in the /var/log/secure log file says: /var/log: tail -f secure Nov 18 07:27:21 yorky sudo: dmobrien : TTY=pts/2 ; PWD=/home/dmobrien ; USER=root ; COMMAND=/usr/bin/ksh Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session opened for user beaglidx by dmobrien(uid=0) Nov 18 07:27:46 yorky runuser: pam_unix(runuser:session): session closed for user beaglidx So how is this a "password failure"? Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I have the same for postgres. In the logwatch email: --------------------- pam_unix Begin ------------------------ runuser-l: Password Failures: postgres: 1 Time(s) Sessions Opened: postgres by (uid=0): 1 Time(s) ---------------------- pam_unix End ------------------------- And in /var/log/secure : secure-20071119:Nov 19 11:43:41 localhost runuser: pam_unix(runuser-l:session): session opened for user postgres by (uid=0) secure-20071119:Nov 19 11:43:43 localhost runuser: pam_unix(runuser-l:session): session closed for user postgres
Thanks. Fixed in logwatch-7.3.6-12.fc8
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch'
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch'
logwatch-7.3.4-9.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
logwatch-7.3.6-12.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.