From owner-freebsd-audit Wed May 29 10:24:43 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 67D0037BE2B; Wed, 29 May 2002 10:03:55 -0700 (PDT) Received: from hades.hell.gr (patr530-b149.otenet.gr [212.205.244.157]) by mailsrv.otenet.gr (8.12.3/8.12.3) with ESMTP id g4TH2P0j014079; Wed, 29 May 2002 20:02:26 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.3/8.12.3) with ESMTP id g4TH2OQb020153; Wed, 29 May 2002 20:02:24 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from charon@localhost) by hades.hell.gr (8.12.3/8.12.3/Submit) id g4TFKBQe016859; Wed, 29 May 2002 18:20:11 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Wed, 29 May 2002 18:20:10 +0300 From: Giorgos Keramidas To: freebsd-audit@freebsd.org Cc: Brian Somers , "Crist J. Clark" , Doug Barton , Gregory Neil Shapiro , Robert Watson Subject: Removing perl traces from src/etc/periodic Message-ID: <20020529152010.GA13893@hades.hell.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.99i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The following patch removes all traces of perl from etc/periodic. I have tested this by comparing the output of the current periodic stuff and the output of the patched version, but I might have missed something. Mark Murray has also done a bit of testing. If there are no serious problems with this, I would like to get it committed so that we can move one step closer to having a perl free base system :) As usual, your comments, complaints or suggestions are most welcome. What I want you to pay special attention to is the replacement of an inline Perl script in 470.status-named with a subshell invocation. I have tested this with a few lines that were created by my locally running named, but a bit of extra testing won't hurt, I guess. I'd like to apologize to those of you who are Cc:'ed *and* subscribed to -audit, as they will receive duplicate copies of this. You were the ones responsible for the last 50 commits in src/etc/periodic. Since you have all been active in this area, ignore the duplicate. It merely means I didn't want you to miss the post in the rest of the -audit traffic. Cheers, %%% Index: etc/periodic/daily/440.status-mailq =================================================================== RCS file: /home/ncvs/src/etc/periodic/daily/440.status-mailq,v retrieving revision 1.8 diff -u -r1.8 440.status-mailq --- etc/periodic/daily/440.status-mailq 7 May 2002 13:11:05 -0000 1.8 +++ etc/periodic/daily/440.status-mailq 28 May 2002 20:47:54 -0000 @@ -25,7 +25,7 @@ rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | @@ -45,7 +45,7 @@ rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq -Ac | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | Index: etc/periodic/daily/460.status-mail-rejects =================================================================== RCS file: /home/ncvs/src/etc/periodic/daily/460.status-mail-rejects,v retrieving revision 1.14 diff -u -r1.14 460.status-mail-rejects --- etc/periodic/daily/460.status-mail-rejects 30 Apr 2002 17:07:32 -0000 1.14 +++ etc/periodic/daily/460.status-mail-rejects 28 May 2002 20:47:54 -0000 @@ -51,8 +51,9 @@ done cat /var/log/maillog } | - perl -ne "print \"\$2\n\" - if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | + fgrep 'reject=' | + egrep -e "^$start.*ruleset=check_[^[:space:]]+,[[:space:]]+arg1=(<[^@]+@)?([^>,]+).*reject=.*" | + sed -e 's/.*arg1=//' -e 's/.*@//' -e 's/[>[:space:]].*$//' | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 fi;; Index: etc/periodic/daily/470.status-named =================================================================== RCS file: /home/ncvs/src/etc/periodic/daily/470.status-named,v retrieving revision 1.2 diff -u -r1.2 470.status-named --- etc/periodic/daily/470.status-named 26 Jul 2001 02:37:12 -0000 1.2 +++ etc/periodic/daily/470.status-named 28 May 2002 20:47:54 -0000 @@ -25,30 +25,30 @@ start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` rc=$(catmsgs | - perl -ne 'print "$2 from $1\n" - if (/^'"$start"'.*named\[\d+\]: denied [AI]XFR from \[(.*)\]\.\d+ for "(.*)"/);' | - sort -f | uniq -ic | - perl -e ' - use Socket; + fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \ + sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/' + sort -f | uniq -ic | ( + usedns=0 + if [ X"${daily_status_named_usedns}" != X"" ]; then + case $daily_status_named_usedns in + [yY][eE][sS]) usedns=1 ;; + esac + fi - while () { - if (/^.*from (.*)$/) { - $ip_addr = $1; - chomp; - if ($ARGV[0] =~ /^yes$/i) { - ($host) = gethostbyaddr(inet_aton($ip_addr), AF_INET); - } else { - $host = ""; - } - - if ($host) { - print "$_ ($host)\n"; - } else { - print "$_\n"; - } - } - } - ' $daily_status_named_usedns | tee /dev/stderr | wc -l) + while read line ;do + ipaddr=`echo "$line" | sed -e 's/^.*from //'` + if [ $usedns -eq 1 ]; then + name=`host "${ipaddr}" 2>/dev/null | \ + grep 'domain name pointer' | \ + sed -e 's/^.* //'` + fi + if [ X"${name}" != X"" ]; then + echo "${line} (${name})" + else + echo "${line}" + fi + done ) | \ + tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 ;; Index: etc/periodic/security/550.ipfwlimit =================================================================== RCS file: /home/ncvs/src/etc/periodic/security/550.ipfwlimit,v retrieving revision 1.3 diff -u -r1.3 550.ipfwlimit --- etc/periodic/security/550.ipfwlimit 17 May 2002 11:34:12 -0000 1.3 +++ etc/periodic/security/550.ipfwlimit 28 May 2002 20:57:21 -0000 @@ -45,8 +45,10 @@ [Yy][Ee][Ss]) IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then - ipfw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} + ipfw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" Index: etc/periodic/security/650.ip6fwlimit =================================================================== RCS file: /home/ncvs/src/etc/periodic/security/650.ip6fwlimit,v retrieving revision 1.3 diff -u -r1.3 650.ip6fwlimit --- etc/periodic/security/650.ip6fwlimit 17 May 2002 11:34:12 -0000 1.3 +++ etc/periodic/security/650.ip6fwlimit 28 May 2002 20:57:11 -0000 @@ -45,8 +45,10 @@ [Yy][Ee][Ss]) IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then - ip6fw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP} + ip6fw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" %%% To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message