Message-Id: <200502221819.j1MIJSqN069957@utenti.gufi.org>
Date: Tue, 22 Feb 2005 19:19:28 +0100 (CET)
From: Matteo Riondato
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
cc: mlaier@FreeBSD.org
cc: keramida@FreeBSD.org
Subject: conf/77932: pf and ipfw periodic scripts not working

>Number: 77932
>Category: conf
>Synopsis: pf and ipfw periodic scripts not working
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 22 18:20:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matteo Riondato
>Release: FreeBSD 6-CURRENT i386
>Organization:
>Environment:
System: FreeBSD kaiser.sig11.org 6.0-CURRENT FreeBSD 6.0-CURRENT #2: Sun Feb 20 21:19:06 CET 2005 rionda@kaiser.sig11.org:/usr/obj/usr/src/sys/KAISER i386
>Description:
I think there's a little mistake in /etc/periodic/security/security.functions: if check_diff() is called with "new_only" as its first argument, as it is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will use "grep '^>'" as a filter to grep only the different lines between the output of "pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }'" and /var/log/pf.today . The diff between the output and the file is done with

    diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT

and the filter is "piped" after this command, so we have:

    diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT | grep '^>'

but daily_status_security_diff_flags is set to "-b -u" in /etc/defaults/periodic.conf so there aren't lines beginning with ">", because we are doing a unified diff.
The filter then gives no output and the only output of /etc/periodic/security/520.pfdenied is

    $HOSTNAME pf denied packets:

This can be solved by changing $filter from "grep '^>'" to "grep '^+'" in /etc/periodic/security/security.functions, line 46. I would not change daily_status_security_diff_flags as I remember that having unified diff in periodic mails was discussed and approved in the MLs.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
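
The filter mismatch described in the report above, reproduced as an added example (not part of the original PR or of the FreeBSD scripts). The two files are constructed stand-ins for /var/log/pf.today and $OUTPUT; the count_new helper and the third filter pattern are assumptions of this example. It also shows that '^+' matches the '+++' file header of a unified diff in addition to the newly added lines.

```shell
#!/bin/sh
# Added example with constructed data: how the new_only filter behaves
# against normal and unified diff output.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed sample rule lines; "old" stands in for /var/log/pf.today,
# "new" for the fresh $OUTPUT. One denied-packet line is new.
printf '%s\n' 'block drop in on em0 all [ Packets: 10 ]' > "$workdir/old"
printf '%s\n' 'block drop in on em0 all [ Packets: 10 ]' \
              'block drop in on em1 all [ Packets: 3 ]' > "$workdir/new"

# count_new FLAGS PATTERN (hypothetical helper)
# Prints how many diff lines survive the filter. FLAGS is deliberately
# left unquoted so that "-b -u" splits into two arguments, as it does
# when the periodic scripts expand daily_status_security_diff_flags.
count_new() {
    diff $1 "$workdir/old" "$workdir/new" | grep -c -- "$2" || true
}

# Normal diff marks added lines with "> ", so the original filter works.
echo "normal diff,  '^>'        : $(count_new '' '^>')"

# Unified diff marks added lines with "+", so '^>' silently matches nothing
# and the security mail shows only its heading.
echo "unified diff, '^>'        : $(count_new '-b -u' '^>')"

# '^+' finds the new line but also the "+++ <file>" header line.
echo "unified diff, '^+'        : $(count_new '-b -u' '^+')"

# A pattern that accepts either marker and skips the "+++" header
# (assumption of this example; it would also skip content starting with "+").
echo "unified diff, '^[>+][^+]' : $(count_new '-b -u' '^[>+][^+]')"
```

A silently empty security report is indistinguishable from "nothing new was denied", so a filter change like this is worth checking against a known difference before relying on the mail.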