Update login failure checking to check auth.log instead of messages,

and teach it to look for more general classes of failures, including
SSH login failures.  This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.

etc/periodic/security/800.loginfail

@@ -43,17 +43,17 @@ LOG="${daily_status_security_logdir}"
 yesterday=`date -v-1d "+%b %e "`
 
 catmsgs() {
-	find ${LOG} -name 'messages.*' -mtime -2 |
+	find ${LOG} -name 'auth.log.*' -mtime -2 |
 	    sort -t. -r -n +1 -2 |
 	    xargs zcat -f
-	[ -f ${LOG}/messages ] && cat $LOG/messages
+	[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
 }
 
 case "$daily_status_security_loginfail_enable" in
     [Yy][Ee][Ss])
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | grep -ia "^$yesterday.*login failure" |
+	n=$(catmsgs | grep -ia "^$yesterday.*[fF]ail" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0;;
     *)	rc=0;;