From 3ec725a2ba50784ee3f17aa16e0e4eff63a89715 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Mon, 26 Oct 2015 17:35:38 -0700 Subject: [PATCH 01/19] Created file From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf --- config/filter.d/screensharingd.conf | 33 +++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 config/filter.d/screensharingd.conf diff --git a/config/filter.d/screensharingd.conf b/config/filter.d/screensharingd.conf new file mode 100644 index 00000000..c0b5d32c --- /dev/null +++ b/config/filter.d/screensharingd.conf @@ -0,0 +1,33 @@ +# Fail2Ban configuration file +# +# Author: Simon Brown +# +# $Revision: 1 $ +# +# Filter for Mac OS X Screen Sharing service + +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = common.conf + + +[Definition] + +_daemon = screensharingd + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = ^.+ screensharingd.+: Authentication: FAILED :: User Name: .+ :: Viewer Address: :: .*$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = From 80546c61642248445b5140bf5f156dca058cd858 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Mon, 26 Oct 2015 17:50:49 -0700 Subject: [PATCH 02/19] Added in settings for screensharingd filter --- config/jail.conf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/config/jail.conf b/config/jail.conf index fd7f376e..e056ea3c 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -786,3 +786,10 @@ returntype = DROP bantime = 3600 maxretry = 1 findtime = 1 + +[screensharing] +# For Mac OS Screen Sharing Service +enabled = true +filter = screensharingd +logpath = %(system_log)s +maxretry = 4 From de14946542f0cbc8eece09329ca03418086c36da Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Mon, 26 Oct 2015 18:02:07 -0700 Subject: [PATCH 03/19] Added new path variable for system.log Logging location for the majority of Mac OS daemons. --- config/paths-osx.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/paths-osx.conf b/config/paths-osx.conf index d1b99b38..4f4df632 100644 --- a/config/paths-osx.conf +++ b/config/paths-osx.conf @@ -25,3 +25,5 @@ syslog_authpriv = /var/log/secure.log #syslog_local0 = +# Default Mac OS log location for syslog output. +system_log = /var/log/system.log From d17d837b8c855091f7cca3231c8ac05c4963553b Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 10:28:07 -0700 Subject: [PATCH 04/19] Update jail.conf Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log --- config/jail.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/config/jail.conf b/config/jail.conf index e056ea3c..2b9e9eaf 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -792,4 +792,5 @@ findtime = 1 enabled = true filter = screensharingd logpath = %(system_log)s +logencoding=utf-8 maxretry = 4 From 4c3f778b826248809273d1287271e599a1f0f64e Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 10:33:30 -0700 Subject: [PATCH 05/19] Replaced .* with literal Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient. --- config/filter.d/screensharingd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/screensharingd.conf b/config/filter.d/screensharingd.conf index c0b5d32c..fc9f6aed 100644 --- a/config/filter.d/screensharingd.conf +++ b/config/filter.d/screensharingd.conf @@ -24,7 +24,7 @@ _daemon = screensharingd # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # -failregex = ^.+ screensharingd.+: Authentication: FAILED :: User Name: .+ :: Viewer Address: :: .*$ +failregex = ^.+ screensharingd.+: Authentication: FAILED :: User Name: .+ :: Viewer Address: :: Type: DH$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. From b3a18631e214ad970e87d2704e3d8027bb76359d Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 10:43:43 -0700 Subject: [PATCH 06/19] Sample log for test case --- fail2ban/tests/files/logs/screenshare | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 fail2ban/tests/files/logs/screenshare diff --git a/fail2ban/tests/files/logs/screenshare b/fail2ban/tests/files/logs/screenshare new file mode 100644 index 00000000..d3736f82 --- /dev/null +++ b/fail2ban/tests/files/logs/screenshare @@ -0,0 +1,5 @@ +Oct 27 09:24:46 test1.beezwax.net screensharingd[1170]: Authentication: SUCCEEDED :: User Name: simon :: Viewer Address: 192.168.5.247 :: Type: DH +Oct 27 09:25:41 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs () mro :: Viewer Address: 192.168.5.247 :: Type: DH +Oct 27 09:25:49 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs :: :: Viewer Address: 192.168.5.247 :: Type: DH +Oct 27 09:25:58 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs _+ :: Viewer Address: 192.168.5.247 :: Type: DH +Oct 27 09:26:09 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs @! s:: :: Viewer Address: 192.168.5.247 :: Type: DH From 3e4a77a5687550a47888720856d0b652cf6745d9 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 12:31:51 -0700 Subject: [PATCH 07/19] Added json metadata --- fail2ban/tests/files/logs/screenshare | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fail2ban/tests/files/logs/screenshare b/fail2ban/tests/files/logs/screenshare index d3736f82..73425b43 100644 --- a/fail2ban/tests/files/logs/screenshare +++ b/fail2ban/tests/files/logs/screenshare @@ -1,5 +1,14 @@ +# failJSON: { "time": "Oct 27 09:24:46", "match": false , "host": "192.168.5.247" } Oct 27 09:24:46 test1.beezwax.net screensharingd[1170]: Authentication: SUCCEEDED :: User Name: simon :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "time": "Oct 27 09:25:41", "match": true , "host": "192.168.5.247" } Oct 27 09:25:41 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs () mro :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "time": "Oct 27 09:25:49", "match": true , "host": "192.168.5.247" } Oct 27 09:25:49 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs :: :: Viewer Address: 192.168.5.247 :: Type: DH -Oct 27 09:25:58 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs _+ :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "time": "Oct 27 09:26:09", "match": true , "host": "192.168.5.247" } Oct 27 09:26:09 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs @! s:: :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "time": "Oct 27 09:23:20", "match": false , "host": "192.168.5.247" } +Oct 27 09:23:20 fm100 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.1156): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAgent.xpc +# failJSON: { "time": "Oct 27 09:23:20", "match": false , "host": "192.168.5.247" } +Oct 27 09:23:20 fm100.beezwax.net ManagedClient[1155]: MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=1027), NULL) failed +# failJSON: { "time": "Oct 27 12:26:44", "match": false , "host": "192.168.5.247" } +Oct 27 12:26:44 fm100.beezwax.net digest-service[3828]: digest-request: kdc failed with 36150275 proto=unknown From 6a5f10ee72eed02fb8aa66af6beb4c7e57fc6c97 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 16:27:14 -0700 Subject: [PATCH 08/19] name change & new sample data changed name to match daemon, log samples with year --- fail2ban/tests/files/logs/screenshare | 14 -------------- fail2ban/tests/files/logs/screenshared | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 14 deletions(-) delete mode 100644 fail2ban/tests/files/logs/screenshare create mode 100644 fail2ban/tests/files/logs/screenshared diff --git a/fail2ban/tests/files/logs/screenshare b/fail2ban/tests/files/logs/screenshare deleted file mode 100644 index 73425b43..00000000 --- a/fail2ban/tests/files/logs/screenshare +++ /dev/null @@ -1,14 +0,0 @@ -# failJSON: { "time": "Oct 27 09:24:46", "match": false , "host": "192.168.5.247" } -Oct 27 09:24:46 test1.beezwax.net screensharingd[1170]: Authentication: SUCCEEDED :: User Name: simon :: Viewer Address: 192.168.5.247 :: Type: DH -# failJSON: { "time": "Oct 27 09:25:41", "match": true , "host": "192.168.5.247" } -Oct 27 09:25:41 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs () mro :: Viewer Address: 192.168.5.247 :: Type: DH -# failJSON: { "time": "Oct 27 09:25:49", "match": true , "host": "192.168.5.247" } -Oct 27 09:25:49 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs :: :: Viewer Address: 192.168.5.247 :: Type: DH -# failJSON: { "time": "Oct 27 09:26:09", "match": true , "host": "192.168.5.247" } -Oct 27 09:26:09 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs @! s:: :: Viewer Address: 192.168.5.247 :: Type: DH -# failJSON: { "time": "Oct 27 09:23:20", "match": false , "host": "192.168.5.247" } -Oct 27 09:23:20 fm100 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.1156): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAgent.xpc -# failJSON: { "time": "Oct 27 09:23:20", "match": false , "host": "192.168.5.247" } -Oct 27 09:23:20 fm100.beezwax.net ManagedClient[1155]: MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=1027), NULL) failed -# failJSON: { "time": "Oct 27 12:26:44", "match": false , "host": "192.168.5.247" } -Oct 27 12:26:44 fm100.beezwax.net digest-service[3828]: digest-request: kdc failed with 36150275 proto=unknown diff --git a/fail2ban/tests/files/logs/screenshared b/fail2ban/tests/files/logs/screenshared new file mode 100644 index 00000000..63e1dfb4 --- /dev/null +++ b/fail2ban/tests/files/logs/screenshared @@ -0,0 +1,18 @@ +# NOTE: dates here include years -- this is NOT the typical configuration for the system.log +# file on Mac OS. However, matches will not pass unless year is included. +# +# failJSON: { "match": false } +Oct 27 2015 09:24:46 test1.beezwax.net screensharingd[1170]: Authentication: SUCCEEDED :: User Name: simon :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "match": false } +Oct 27 2015 09:23:20 test1 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.1156): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAgent.xpc +# failJSON: { "match": false } +Oct 27 2015 09:23:20 test1.beezwax.net ManagedClient[1155]: MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=1027), NULL) failed +# failJSON: { "match": false } +Oct 27 2015 12:26:44 test1.beezwax.net digest-service[3828]: digest-request: kdc failed with 36150275 proto=unknown +# +# failJSON: { "time": "2015-10-27T12:35:40", "match": true , "host": "192.168.5.247" } +Oct 27 2015 12:35:40 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs () mro :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "time": "2015-10-27T12:35:50", "match": true , "host": "192.168.5.247" } +Oct 27 2015 12:35:50 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: brown_s :: :: Viewer Address: 192.168.5.247 :: Type: DH +# failJSON: { "time": "2015-10-27T12:26:01", "match": true , "host": "192.168.5.247" } +Oct 27 2015 12:26:01 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: brown @! s:: :: Viewer Address: 192.168.5.247 :: Type: DH From 3dd1c305ce536d42fba397ac516abc3dd43d5f35 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 21:20:12 -0700 Subject: [PATCH 09/19] added entry for new screensharingd filter --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 391eabc6..a6e53a02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,8 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released (gh-1226) * Added filter for openhab domotic software authentication failure with the rest api and web interface (gh-1223) + * Added filter for Mac OS screen sharing (VNC) daemon + ver. 0.9.3 (2015/08/01) - lets-all-stay-friends ---------- From 4b4d5a95b7af7aaca0c8bc9858bd78c6d3b75320 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Tue, 27 Oct 2015 21:30:20 -0700 Subject: [PATCH 10/19] Changed regex prequel Use standard prefix macro instead of literal daemon name. --- config/filter.d/screensharingd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/screensharingd.conf b/config/filter.d/screensharingd.conf index fc9f6aed..fbaff542 100644 --- a/config/filter.d/screensharingd.conf +++ b/config/filter.d/screensharingd.conf @@ -24,7 +24,7 @@ _daemon = screensharingd # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # -failregex = ^.+ screensharingd.+: Authentication: FAILED :: User Name: .+ :: Viewer Address: :: Type: DH$ +failregex = ^%(__prefix_line)sAuthentication: Authentication: FAILED :: User Name: .+ :: Viewer Address: :: Type: DH$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. From acee68a9ee94a084576e91f74f226efb41b231d7 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Wed, 28 Oct 2015 15:11:11 -0700 Subject: [PATCH 11/19] Made screensharing jail off by default Also added note about requiring paths-osx.conf. --- config/jail.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/jail.conf b/config/jail.conf index 2b9e9eaf..65ffdef1 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -788,8 +788,9 @@ maxretry = 1 findtime = 1 [screensharing] -# For Mac OS Screen Sharing Service -enabled = true +# For Mac OS Screen Sharing Service (VNC) +# Requires the 'before' statement in the [INCLUDE] section to include paths-osx.conf +enabled = false filter = screensharingd logpath = %(system_log)s logencoding=utf-8 From c936d19805aae62fa71fb8087313b889713901be Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Wed, 28 Oct 2015 15:30:31 -0700 Subject: [PATCH 12/19] Fixed name (again?) --- fail2ban/tests/files/logs/{screenshared => screensharingd} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename fail2ban/tests/files/logs/{screenshared => screensharingd} (100%) diff --git a/fail2ban/tests/files/logs/screenshared b/fail2ban/tests/files/logs/screensharingd similarity index 100% rename from fail2ban/tests/files/logs/screenshared rename to fail2ban/tests/files/logs/screensharingd From bed28eaa62b6c1737c2030ce2ced56dc5ef20316 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Wed, 28 Oct 2015 15:32:58 -0700 Subject: [PATCH 13/19] clarified comments on sample log format --- fail2ban/tests/files/logs/screensharingd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fail2ban/tests/files/logs/screensharingd b/fail2ban/tests/files/logs/screensharingd index 63e1dfb4..c43a5c41 100644 --- a/fail2ban/tests/files/logs/screensharingd +++ b/fail2ban/tests/files/logs/screensharingd @@ -1,5 +1,5 @@ -# NOTE: dates here include years -- this is NOT the typical configuration for the system.log -# file on Mac OS. However, matches will not pass unless year is included. +# NOTE: dates here include years -- this is not the typical configuration for the system.log +# file on Mac OS. However, without it the test routines will use 2004 as the year and matches will not pass. # # failJSON: { "match": false } Oct 27 2015 09:24:46 test1.beezwax.net screensharingd[1170]: Authentication: SUCCEEDED :: User Name: simon :: Viewer Address: 192.168.5.247 :: Type: DH From cabd46f069d7fc585b02c0ac88e7069af202e419 Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Wed, 28 Oct 2015 20:58:25 -0700 Subject: [PATCH 14/19] Fixed blatant typo in regex However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result --- config/filter.d/screensharingd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/screensharingd.conf b/config/filter.d/screensharingd.conf index fbaff542..c5e3e858 100644 --- a/config/filter.d/screensharingd.conf +++ b/config/filter.d/screensharingd.conf @@ -24,7 +24,7 @@ _daemon = screensharingd # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # -failregex = ^%(__prefix_line)sAuthentication: Authentication: FAILED :: User Name: .+ :: Viewer Address: :: Type: DH$ +failregex = ^%(__prefix_line)sAuthentication: FAILED :: User Name: .+ :: Viewer Address: :: Type: DH$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. From 65bc5cf6ba08f64fc13c03f5c44d7911a7f0179f Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Thu, 29 Oct 2015 09:03:01 -0700 Subject: [PATCH 15/19] Now using a literal logpath for screensharing jail --- config/jail.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/jail.conf b/config/jail.conf index 65ffdef1..7470039c 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -792,6 +792,6 @@ findtime = 1 # Requires the 'before' statement in the [INCLUDE] section to include paths-osx.conf enabled = false filter = screensharingd -logpath = %(system_log)s +logpath = /var/log/system.log logencoding=utf-8 maxretry = 4 From 5839a3bd80c73a5ff6a0f725d4453963505eb68a Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Thu, 29 Oct 2015 16:07:54 -0700 Subject: [PATCH 16/19] Removed includes comment for screensharing jail --- config/jail.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/config/jail.conf b/config/jail.conf index 7470039c..2aaea7ea 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -789,7 +789,6 @@ findtime = 1 [screensharing] # For Mac OS Screen Sharing Service (VNC) -# Requires the 'before' statement in the [INCLUDE] section to include paths-osx.conf enabled = false filter = screensharingd logpath = /var/log/system.log From d16ad805975afdade337dc052f88a198866efe3e Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Mon, 2 Nov 2015 09:06:32 -0800 Subject: [PATCH 17/19] removed false matches For non-screensharingd related messages --- fail2ban/tests/files/logs/screensharingd | 6 ------ 1 file changed, 6 deletions(-) diff --git a/fail2ban/tests/files/logs/screensharingd b/fail2ban/tests/files/logs/screensharingd index c43a5c41..0ec0ebd6 100644 --- a/fail2ban/tests/files/logs/screensharingd +++ b/fail2ban/tests/files/logs/screensharingd @@ -3,12 +3,6 @@ # # failJSON: { "match": false } Oct 27 2015 09:24:46 test1.beezwax.net screensharingd[1170]: Authentication: SUCCEEDED :: User Name: simon :: Viewer Address: 192.168.5.247 :: Type: DH -# failJSON: { "match": false } -Oct 27 2015 09:23:20 test1 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.1156): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAgent.xpc -# failJSON: { "match": false } -Oct 27 2015 09:23:20 test1.beezwax.net ManagedClient[1155]: MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=1027), NULL) failed -# failJSON: { "match": false } -Oct 27 2015 12:26:44 test1.beezwax.net digest-service[3828]: digest-request: kdc failed with 36150275 proto=unknown # # failJSON: { "time": "2015-10-27T12:35:40", "match": true , "host": "192.168.5.247" } Oct 27 2015 12:35:40 test1.beezwax.net screensharingd[1170]: Authentication: FAILED :: User Name: sdfsdfs () mro :: Viewer Address: 192.168.5.247 :: Type: DH From 3e16f33dbe840d507b687517699072a5e100101c Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Mon, 2 Nov 2015 09:08:47 -0800 Subject: [PATCH 18/19] Removed old svn revision comment --- config/filter.d/screensharingd.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/filter.d/screensharingd.conf b/config/filter.d/screensharingd.conf index c5e3e858..4cd76465 100644 --- a/config/filter.d/screensharingd.conf +++ b/config/filter.d/screensharingd.conf @@ -2,8 +2,6 @@ # # Author: Simon Brown # -# $Revision: 1 $ -# # Filter for Mac OS X Screen Sharing service [INCLUDES] From 69bb532db0c9c34bf7c68ba0ed7adb769206f58d Mon Sep 17 00:00:00 2001 From: Simon Brown Date: Mon, 2 Nov 2015 09:26:45 -0800 Subject: [PATCH 19/19] removed system.log --- config/paths-osx.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/paths-osx.conf b/config/paths-osx.conf index 4f4df632..180923c0 100644 --- a/config/paths-osx.conf +++ b/config/paths-osx.conf @@ -24,6 +24,3 @@ syslog_authpriv = /var/log/secure.log #syslog_daemon = #syslog_local0 = - -# Default Mac OS log location for syslog output. -system_log = /var/log/system.log