From owner-freebsd-security@FreeBSD.ORG Wed Feb 23 17:46:50 2005
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 523C716A4CE; Wed, 23 Feb 2005 17:46:50 +0000 (GMT)
Received: from colt.tsua.net (colt.tsua.net [212.40.34.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4C4743D49; Wed, 23 Feb 2005 17:46:49 +0000 (GMT) (envelope-from pbl@colt.tsua.net)
Received: from localhost (localhost [127.0.0.1]) by colt.tsua.net (Postfix) with ESMTP id DF8321050A7; Wed, 23 Feb 2005 19:46:43 +0200 (EET)
Received: from colt.tsua.net ([127.0.0.1]) by localhost (colt.tsua.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54492-06; Wed, 23 Feb 2005 19:46:43 +0200 (EET)
Received: by colt.tsua.net (Postfix, from userid 1011) id 8C333105095; Wed, 23 Feb 2005 19:46:43 +0200 (EET)
Date: Wed, 23 Feb 2005 19:46:43 +0200
From: Peter Lavee
To: Alexander Leidinger, Bill Moran, freebsd-security@freebsd.org
Message-ID: <20050223174643.GA54707@tsua.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Operating-System: FreeBSD 4.10-RELEASE-p5 i386
X-NCC-RegID: ua.tsystems
User-Agent: Mutt/1.5.6i
Subject: Fw-up: Re: periodic/security/550.ipfwlimit - diff for RELENG-5]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Wed, 23 Feb 2005 17:46:50 -0000

Almost forgot - the diff needs to be applied only to the FreeBSD 5 version of 550.ipfwlimit, but the resulting file can be used on both 4 and 5 releases.

On Wed, Feb 23, 2005 at 03:59:51PM +0100, Alexander Leidinger wrote:

Better version than the previous one; it will not break the order of rules. It is an awk version, so it will work on all 4 and 5 releases, at least those where IPFW is enabled ;-) Also I removed the check for digit+space+digit - it can break things if the ipfw output is significantly changed.

diff -u 550.ipfwlimit 550.ipfwlimit.new
=============================>8==============================================================================================
--- 550.ipfwlimit Wed Feb 23 18:54:35 2005
+++ 550.ipfwlimit.new Wed Feb 23 19:19:19 2005
@@ -45,10 +45,10 @@ TMP=`mktemp -t security` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then - ipfw -a l | grep " log " | \ - grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ - awk -v limit="$IPFW_LOG_LIMIT" \ - '{if ($2 > limit) {print $0}}' > ${TMP} + ipfw -a l | grep " log " \ + | \ + awk -v limit="$IPFW_LOG_LIMIT" -v logamount=$6 \ + '{if ($5 == "logamount") {if ($2 > logamount) {print $0} } else { if ($2 > limit) {print $0} } }' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo ""
=============================>8==============================================================================================

> Bill Moran wrote:
> >
> > >This is great.
> > >
> > >However, because of the size of the FreeBSD project, it's likely that this
> > >will get lost. To ensure that it doesn't, please submit it as a PR
> > >(problem report).
>
> While this may work on 4.x, this will not be able to go into 5.x or into
> -current (and it first has to find its way into -current, else there will
> be no merge to 5.x or 4.x) since we don't have perl in the base system on
> 5.x and -current. I suggest rewriting this in awk (in the -current version
> of this periodic script) and submitting it as a diff.

-- 
WBR, Peter Lavee
Hostmaster
Technological Systems CJVC
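Review bot: in the added awk invocation, `-v logamount=$6` is expanded by the shell before awk runs, so awk receives the periodic script's own sixth positional argument (empty when run by periodic), not the per-rule value; the awk variable `logamount` is therefore empty on every line and the `if ($2 > logamount)` branch degenerates into printing every rule that carries an explicit logamount, regardless of its counter. The per-rule value has to be read inside the awk program, and because the column in which `logamount` and its number appear depends on how many words the action takes (`deny` versus `pipe 1`, for example), it is safer to scan for the word than to test a fixed field such as `$5`, e.g. `max = limit; for (i = 4; i < NF; i++) if ($i == "logamount") { max = $(i + 1); break }` followed by `if ($2 > max) print $0`. That also removes the dead `else` duplication. Minor: the lone `| \` continuation line can be folded back onto the preceding `grep " log " |` line.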