Date: Tue, 28 Nov 2000 18:16:42 +0100
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: sockstat in /etc/security (was: fics)
Message-ID: <20001128181642.M27042@speedy.gsinet>
In-Reply-To: <Pine.LNX.4.30.0011271701480.32226-200000@calliope.cs.brandeis.edu>; from meshko@cs.brandeis.edu on Mon, Nov 27, 2000 at 05:04:02PM -0500
References: <Pine.GSO.4.30.0011271505560.19184-100000@nova.fnal.gov> <Pine.LNX.4.30.0011271701480.32226-200000@calliope.cs.brandeis.edu>
On Mon, Nov 27, 2000 at 17:04 -0500, Mikhail Kruk wrote:
>
> [ ... sockstat(1) survey ... ]
>
> I added it to my /etc/security and it seems to work.
> diff file is attached (with the new 4.2 compatible version by Tim)
>
> [ ... ]
>
> 78a79,95
> > # Show changes in the open tcp sockets
> > #
> > if sockstat|grep "\*.[0-9 ]*\*.\*"|cut -c1-9,10-18,39-45|sort -u|sort -n +2 > $TMP; then
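Review bot: In the `cut -c1-9,10-18,39-45` stage the fields are selected by fixed character positions, so what gets compared depends on sockstat's exact column widths and silently changes if that layout does; selecting whitespace-separated fields instead would avoid this (and `1-9,10-18` is simply `1-18`). The comment says tcp sockets, but nothing in the visible pipeline filters on protocol, and the `.` in the grep pattern is unescaped, so `\*\.[0-9 ]*\*\.\*` would state the intent exactly.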
What do you expect to be the exit status of this command (look at
"man sh" and search for "Pipelines")? Reading "man sort" and
searching for "exit" and "resu" I don't see any(!) defined return
value for the "sort -n" invocation.
I would even dare to say this /etc/security block shouldn't have
*any* condition for execution. Changing from or to zero
listening sockets (installing a new machine or disabling all
services) is something you definitely want to know. Maybe the
suid files' list is the best template to derive from.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
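Added example (not part of the original message and not FreeBSD's /etc/security code): a sketch of the two points raised in the reply, that a pipeline's exit status is that of its last command, and that the listening-socket check can run unconditionally as a snapshot-and-diff in the style of the setuid file list. All function names are hypothetical, and the sockstat-style sample, including its column layout, is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Sample sockstat-style text is constructed.

# A pipeline's exit status is that of its last command, so a failing first
# stage is invisible to "if cmd | sort > file; then". Prints 0.
pipeline_status() {
    false | sort > /dev/null
    echo $?
}

# Reduce sockstat-style output on stdin to sorted "user command proto local"
# lines for sockets whose foreign address is *.* (listening).
listening_snapshot() {
    awk '$NF == "*.*" { print $1, $2, $(NF-2), $(NF-1) }' | sort -u
}

# Compare a new snapshot ($2) with the saved one ($1) unconditionally, in the
# style of the setuid file list: report and save on any difference, including
# a change to or from zero listeners. Returns 1 if something changed.
report_changes() {
    [ -f "$1" ] || : > "$1"
    cmp -s "$1" "$2" && return 0
    echo "listening socket changes:"
    diff "$1" "$2" | grep '^[<>]'
    cp "$2" "$1"
    return 1
}

# Constructed sample in the old FreeBSD column layout (an assumption).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       213    3 tcp4   *.22                  *.*
root     sendmail   190    4 tcp4   *.25                  *.*
alice    ssh        877    3 tcp4   10.0.0.5.1034         10.0.0.9.22
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_sockstat | listening_snapshot > "$dir/today"
    report_changes "$dir/saved" "$dir/today"      # first run: two new listeners
    : > "$dir/today"                              # all services disabled
    report_changes "$dir/saved" "$dir/today"      # drop to zero is still reported
    rm -rf "$dir"
}
demo || true
```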
