From owner-freebsd-bugs Wed Sep 22 15:10: 6 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id 304FA158A6
    for ; Wed, 22 Sep 1999 15:10:02 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id PAA09358;
    Wed, 22 Sep 1999 15:10:01 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10])
    by hub.freebsd.org (Postfix) with ESMTP id 5CCF214D13
    for ; Wed, 22 Sep 1999 15:09:30 -0700 (PDT)
    (envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <40380>; Thu, 23 Sep 1999 08:06:49 +1000
Message-Id: <99Sep23.080649est.40380@border.alcanet.com.au>
Date: Thu, 23 Sep 1999 08:09:14 +1000
From: Peter Jeremy Reply-To: peter.jeremy@alcatel.com.au To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: bin/13909: /etc/security problems: IPFIREWALL and passwd comments Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 13909 >Category: bin >Synopsis: /etc/security problems: IPFIREWALL and passwd comments >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Sep 22 15:10:01 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Peter Jeremy >Release: FreeBSD 4.0-CURRENT i386 >Organization: Alcatel Australia Limited >Environment: cvs-cur 5686 >Description: /etc/security (normally run nightly) incorrectly reports '#' as a passwordless account, and if the kernel does not include IPFIREWALL, it reports '[: 0: unexpected operator' >How-To-Repeat: Install the standard .../src/etc/master.passwd and run a kernel without IPFIREWALL (GENERIC should do). Run /etc/security. The output will include: checking for passwordless accounts: # [: 0: unexpected operator >Fix: 1) Ignore comment lines in /etc/master.passwd when checking for passwordless accounts. 2) Put reference to ${IPFW_LOG_LIMIT} inside quotes so the test becomes [ 1 -eq 0 -a "" -ne 0 ], rather than [ 1 -eq 0 -a -ne 0 ] if net.inet.ip.fw.verbose_limit does not exist (ie if IPFIREWALL not in kernel). Index: src/etc/security =================================================================== RCS file: /home/CVSROOT/./src/etc/security,v retrieving revision 1.33 diff -u -r1.33 security --- security 1999/09/13 15:44:18 1.33 +++ security 1999/09/22 21:37:27 @@ -55,7 +55,7 @@ separator echo "checking for passwordless accounts:" -awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd +awk -F: '$1 !~ /^[#+]/ && $2=="" {print $0}' /etc/master.passwd # Show denied packets # 
@@ -78,7 +78,7 @@ # Show ipfw rules which have reached the log limit # IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` -if [ $? -eq 0 -a ${IPFW_LOG_LIMIT} -ne 0 ]; then +if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s ${TMP} ]; then -- Peter Jeremy (VK2PJ) peter.jeremy@alcatel.com.au Alcatel Australia Limited 41 Mandible St Phone: +61 2 9690 5019 ALEXANDRIA NSW 2015 Fax: +61 2 9690 5982 >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
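Review bot: In the -55,7 hunk, the new awk pattern only excludes lines whose first character is '#' or '+', so any other line that has no second field still satisfies $2=="" and is reported as a passwordless account. That covers a blank line and a comment indented with whitespace, both of which have no colon and therefore an empty $2. Adding a field-count guard such as NF > 1 to the condition would restrict the report to lines that really are colon-separated entries with an empty password field.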
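Review bot: In the -78,7 hunk, quoting "${IPFW_LOG_LIMIT}" removes the syntax error but the test still hands an empty string to -ne when the sysctl fails, and -a does not promise that the right-hand side is skipped once $? -eq 0 is false. Whether "" -ne 0 is then rejected as a non-integer depends on the test implementation. Splitting the condition into [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ], or defaulting the value with "${IPFW_LOG_LIMIT:-0}", makes the outcome independent of that. The unquoted $IPFW_LOG_LIMIT spliced into the perl one-liner in the context lines below is only reached when the value is a non-zero number, so it is fine as long as this guard stays in place.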