Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 27 Nov 2000 17:04:02 -0500 (EST)
From:      Mikhail Kruk <meshko@cs.brandeis.edu>
To:        Tim Zingelman <zingelman@fnal.gov>, <kris@FreeBSD.ORG>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: fics
Message-ID:  <Pine.LNX.4.30.0011271701480.32226-200000@calliope.cs.brandeis.edu>
In-Reply-To: <Pine.GSO.4.30.0011271505560.19184-100000@nova.fnal.gov>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
I added it to my /etc/security and it seems to work.
diff file is attached (with the new 4.2 compatible version by Tim)

could someone enlighten me on what actually has to be done to the diff so
it can become real patch and eventually make it into the system?

I'm rather green but would really like to start contributing to FreeBSD.

On Mon, 27 Nov 2000, Tim Zingelman wrote:

> On Mon, 27 Nov 2000, Tim Zingelman wrote:
>
> > sockstat|grep "\*\.[0-9 ]*\*\.\*"|cut -c10-18,39-45|sort -n -u +1
>
> Oops, you caught me... I built this on a 3.x system... it doesn't work
> on a 4.2 system.  Sockstat output now uses : not . to separate ip & port.
> Also, it looks like sort -u weeds out duplicate keys, not duplicate rows
> as I'd assumed :(
>
> I'm starting to think this is too complex a solution... but:
>
>  sockstat|grep "\*.[0-9 ]*\*.\*"|cut -c1-9,10-18,39-45|sort -u|sort -n +2
>
> seems to do what I want both on 3.x and 4.x systems.
>
> If people think this is ok, I'd be glad to submit patches...
>
>   - Tim
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

[-- Attachment #2 --]
78a79,95
> # Show changes in the open tcp sockets
> #
> if sockstat|grep "\*.[0-9 ]*\*.\*"|cut -c1-9,10-18,39-45|sort -u|sort -n +2 > $TMP; then
>         if [ ! -f $LOG/sockstat.today ]; then
>                 separator
>                 echo "no $LOG/sockstat.today"
>                 cp $TMP $LOG/sockstat.today
>         fi
>         if cmp $LOG/sockstat.today $TMP >/dev/null 2>&1; then :; else
>                 separator
>                 echo "$host changes in open network sockets:"
>                 diff -b $LOG/sockstat.today $TMP
>                 mv $LOG/sockstat.today $LOG/sockstat.yesterday
>                 mv $TMP $LOG/sockstat.today
>         fi
> fi
> 
140a158
>
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0011271701480.32226-200000>