Date: Thu, 23 Sep 1999 08:09:14 +1000
From: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/13909: /etc/security problems: IPFIREWALL and passwd comments
Message-ID: <99Sep23.080649est.40380@border.alcanet.com.au>
>Number: 13909 >Category: bin >Synopsis: /etc/security problems: IPFIREWALL and passwd comments >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Sep 22 15:10:01 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Peter Jeremy >Release: FreeBSD 4.0-CURRENT i386 >Organization: Alcatel Australia Limited >Environment: cvs-cur 5686 >Description: /etc/security (normally run nightly) incorrectly reports '#' as a passwordless account, and if the kernel does not include IPFIREWALL, it reports '[: 0: unexpected operator' >How-To-Repeat: Install the standard .../src/etc/master.passwd and run a kernel without IPFIREWALL (GENERIC should do). Run /etc/security. The output will include: checking for passwordless accounts: # [: 0: unexpected operator >Fix: 1) Ignore comment lines in /etc/master.passwd when checking for passwordless accounts. 2) Put reference to ${IPFW_LOG_LIMIT} inside quotes so the test becomes [ 1 -eq 0 -a "" -ne 0 ], rather than [ 1 -eq 0 -a -ne 0 ] if net.inet.ip.fw.verbose_limit does not exist (ie if IPFIREWALL not in kernel). Index: src/etc/security =================================================================== RCS file: /home/CVSROOT/./src/etc/security,v retrieving revision 1.33 diff -u -r1.33 security --- security 1999/09/13 15:44:18 1.33 +++ security 1999/09/22 21:37:27 @@ -55,7 +55,7 @@ separator echo "checking for passwordless accounts:" -awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd +awk -F: '$1 !~ /^[#+]/ && $2=="" {print $0}' /etc/master.passwd # Show denied packets # 
@@ -78,7 +78,7 @@ # Show ipfw rules which have reached the log limit # IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` -if [ $? -eq 0 -a ${IPFW_LOG_LIMIT} -ne 0 ]; then +if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s ${TMP} ]; then -- Peter Jeremy (VK2PJ) peter.jeremy@alcatel.com.au Alcatel Australia Limited 41 Mandible St Phone: +61 2 9690 5019 ALEXANDRIA NSW 2015 Fax: +61 2 9690 5982 >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
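Review bot: in the @@ -55,7 +55,7 @@ hunk, the new pattern `$1 !~ /^[#+]/` only skips lines whose first character is `#` or `+`, so any other line without a colon (a blank line, or a comment indented with whitespace) still has an empty `$2` and is printed as a passwordless account. Consider also requiring a minimum field count, for example adding `NF > 1 &&` to the condition, so that only lines that actually look like passwd entries are tested.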
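Review bot: in the @@ -78,7 +78,7 @@ hunk, the quoted test still performs a numeric comparison on an empty string when the sysctl does not exist (`[ 1 -eq 0 -a "" -ne 0 ]`, as the Fix text puts it), and how `test` treats a non-integer operand of `-ne` is not something the script should rely on. Splitting the condition into `[ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]` means the second comparison is never evaluated when sysctl fails, and it drops the dependency on `-a`.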