diff -up logwatch-7.3.6/scripts/services/secure.pom logwatch-7.3.6/scripts/services/secure --- logwatch-7.3.6/scripts/services/secure.pom 2009-10-12 11:33:15.000000000 +0200 +++ logwatch-7.3.6/scripts/services/secure 2009-10-12 12:38:29.000000000 +0200 @@ -435,6 +435,9 @@ while (defined($ThisLine = <STDIN>)) { } elsif ( ($User) = ($ThisLine =~ /useradd.*failed adding user `(.*)', data deleted/) ) {# failed adding user/)) {# (.*), data deleted/)) { # useradd: failed adding user `rpcuser', data deleted $FailedAddUsers{$User}++; + } elsif (($User,$Reason) = ($ThisLine =~ /dovecot-auth: pam_userdb\(dovecot:auth\): user `(.*)' denied access \((.*)\)/)) { + # dovecot-auth: pam_userdb(dovecot:auth): user `bobok' denied access (incorrect password) + $DeniedAccess{"$User,$Reason"}++; } else { # Unmatched entries... $ThisLine =~ s/\[\d+\]:/:/; @@ -535,6 +538,7 @@ if (keys %UnknownUser) { if ($pwd_file_unknown > 0) { print "\nUsers unknown in password database (pwd_file): $pwd_file_unknown\n"; } + if ($pwd_file_too_short > 0) { print "\nPassword too short or NULL (pwd_file): $pwd_file_too_short Time(s)\n"; } @@ -594,6 +598,14 @@ if (keys %{$FailedSaver}) { } } +if (keys %DeniedAccess) { + print "\ndovecot-auth: Denied access\n"; + foreach (keys %DeniedAccess) { + ($User,$Reason) = split ","; + print " for user " . $User . " (reason: " . $Reason . ") :" . $DeniedAccess{"$User,$Reason"} . " Time(s)\n"; + } +} + if (keys %NoIP) { print "\nCouldn't get client IPs for connections to:\n"; foreach $ThisOne (sort {$a cmp $b} keys %NoIP) {