Date:      Tue, 22 Feb 2005 12:17:59 +0100
From:      Matteo Riondato <rionda@gufi.org>
To:        freebsd-current@freebsd.org
Subject:   Question about periodic
Message-ID:  <1109071079.1390.21.camel@kaiser.sig11.org>

Hi folks,
I think there's a little mistake
in /etc/periodic/security/security.functions:

if check_diff() is called with "new_only" as its first argument, as it
is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will
use "grep '^>'" as a filter to grep only the different lines between the
output of "pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0;
getline; gsub(" +"," ",$0); print buf$0;} }'" and /var/log/pf.today .

The diff between the output and the file is done with 
diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT
and the filter is "piped" after this command, so we have:

diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT | grep '^>'

but daily_status_security_diff_flags is set to "-b -u"
in /etc/defaults/periodic.conf so there aren't lines beginning with ">",
because we are doing a unified diff. The filter then gives no output
and the only output of /etc/periodic/security/520.pfdenied is 

$HOSTNAME pf denied packets:

This can be solved by changing $filter from "grep '^>'" to "grep '^+'"
in /etc/periodic/security/security.functions, line 46. 

Best Regards
-- 
Rionda aka Matteo Riondato
GUFI Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
BSD-FAQ-it Main Developer (http://utenti.gufi.org/~rionda)
Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT
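
The filter behaviour described in the message above, reproduced offline as an added example (not part of the original e-mail and not FreeBSD's security.functions). The file contents, the helper names new_only and count_lines, and the third pattern '^+[^+]' are assumptions made for the illustration; the counts also show that '^+' matches the "+++" file header of a unified diff.

```sh
#!/bin/sh
# Constructed sample data: the saved state from the previous run and the
# current output, which contains one new "block" rule line.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
printf '%s\n' 'block in on em0 all [ Packets: 10 ]' > "$workdir/pf.today"
printf '%s\n' 'block in on em0 all [ Packets: 10 ]' \
              'block in on em1 all [ Packets: 3 ]' > "$workdir/output"

# new_only FLAGS PATTERN: diff the two files with FLAGS and keep only lines
# matching PATTERN, like the "diff ... | grep" pipeline in the message.
new_only() {
    # $1 is deliberately unquoted so that "-b -u" splits into two options.
    diff $1 "$workdir/pf.today" "$workdir/output" | grep -e "$2"
}

# count_lines FLAGS PATTERN: number of lines that survive the filter.
# diff exits 1 when files differ and grep exits 1 on no match; neither is
# an error here, so both are tolerated.
count_lines() {
    { new_only "$1" "$2" || true; } | wc -l | tr -d ' '
}

echo "normal diff,  grep '^>'     : $(count_lines ''      '^>')"
echo "diff -b -u,   grep '^>'     : $(count_lines '-b -u' '^>')"
echo "diff -b -u,   grep '^+'     : $(count_lines '-b -u' '^+')"
echo "diff -b -u,   grep '^+[^+]' : $(count_lines '-b -u' '^+[^+]')"
```

The '^+[^+]' pattern drops the "+++" header but would also drop an added line that is empty or whose own text starts with "+".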
