aaron walker

Just got a weird mail in my admin mailbox about a password failure from
the kernel... wtf?

I have metalog setup to send me mail whenever there is a password failure:

<snip>
Password failures :
regex = "(password|login|authentication)\s+(fail|invalid)"
regex = "(failed|invalid)\s+(password|login|authentication )"
regex = "ILLEGAL ROOT LOGIN"
logdir = "/var/log/pwdfail"
command = "/usr/local/sbin/pwdfail.sh"
</snip>

I think this is from the default metalog config. pwdfail.sh contains:

#!/bin/sh
echo "$3" | mail -s "$HOSTNAME: Password Failure ($2)" ka0ttic@localhost


The subject of this email was "morpheus: Password Failure (kernel)".
Normal password failures have subjects like "morpheus: Password Failure
(su)" or "morpheus: Password Failure (su(pam_unix))", etc.

Looking at the contents of /var/log/pwdfail/current shows the last entry
on 20040708, so it's kinda weird that it would go through the metalog
filter and have the command run, but not be logged...

I'm stumped. Anyone know why I would be getting this?

Thanks
--
Love conquers all things; let us too surrender to love.
-- Publius Vergilius Maro (Virgil)
sur
/* Aaron Walker
* http://butsugenjitemple.org/~ka0ttic/
*/


--
gentoo-user@gentoo.org mailing list