From: Matteo Riondato
To: freebsd-current@freebsd.org
Date: Tue, 22 Feb 2005 12:17:59 +0100
Message-Id: <1109071079.1390.21.camel@kaiser.sig11.org>
Subject: Question about periodic

Hi folks,

I think there's a little mistake in /etc/periodic/security/security.functions: if check_diff() is called with "new_only" as its first argument, as it is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will use "grep '^>'" as a filter to grep only the different lines between the output of

    pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }'

and /var/log/pf.today.

The diff between the output and the file is done with

    diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT

and the filter is "piped" after this command, so we have:

    diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT | grep '^>'

but daily_status_security_diff_flags is set to "-b -u" in /etc/defaults/periodic.conf so there aren't lines beginning with ">", because we are doing a unified diff. The filter then gives no output and the only output of /etc/periodic/security/520.pfdenied is

    $HOSTNAME pf denied packets:

This can be solved changing $filter from "grep '^>'" to "grep '^+'" in /etc/periodic/security/security.functions, line 46.

Best Regards
--
Rionda aka Matteo Riondato
GUFI Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
BSD-FAQ-it Main Developer (http://utenti.gufi.org/~rionda)
Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT
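
The filter behaviour described in the message can be reproduced offline with the following added example, which is not part of the original post or of FreeBSD's periodic scripts. The rule lines, file names and function names are constructed for illustration. It also goes one step beyond the message: a plain `^+` filter on a unified diff matches the `+++` file header as well, which the pattern `^+[^+]` excludes.

```shell
#!/bin/sh
# Added example: how the "new_only" filter interacts with the diff format.
# All sample data below is constructed; it only mimics the one-line-per-rule
# shape produced by the pfctl | nawk pipeline quoted in the message.

make_samples() {
    dir=$(mktemp -d) || return 1
    # Stand-in for /var/log/pf.today (previous run).
    printf '%s\n' 'block in all [ Evaluations: 10 Packets: 1 ]' \
        > "$dir/pf.today"
    # Stand-in for $OUTPUT (current run): one changed rule, one new rule.
    printf '%s\n' 'block in all [ Evaluations: 25 Packets: 4 ]' \
                  'block out all [ Evaluations: 7 Packets: 2 ]' \
        > "$dir/output"
    echo "$dir"
}

# count_matches DIFF_FLAGS FILTER_REGEX
# Prints the number of diff output lines that survive the grep filter.
count_matches() {
    dir=$(make_samples) || return 1
    # $1 is intentionally unquoted so "-b -u" splits into two flags.
    # grep -c exits 1 on zero matches, hence "|| true".
    n=$(diff $1 "$dir/pf.today" "$dir/output" | grep -c -- "$2" || true)
    rm -rf "$dir"
    echo "$n"
}

# Normal diff marks new lines with ">": the original filter works.
echo "normal diff,  grep '^>'     : $(count_matches '-b' '^>')"
# Unified diff never emits ">": the report body is silently empty.
echo "unified diff, grep '^>'     : $(count_matches '-b -u' '^>')"
# "^+" finds the new lines but also the "+++ file" header line.
echo "unified diff, grep '^+'     : $(count_matches '-b -u' '^+')"
# Requiring a non-"+" second character drops the header.
echo "unified diff, grep '^+[^+]' : $(count_matches '-b -u' '^+[^+]')"
```

The zero-match case is the one that matters operationally: the security report still prints its heading, so an empty body reads as "no denied packets" rather than as a broken check.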