Date:      Wed, 15 Aug 2001 08:14:30 -0500
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        modulus@icmp.dhs.org, freebsd-security@freebsd.org
Subject:   Re: [modulus@icmp.dhs.org Re: ipmon and periodic]
Message-ID:  <20010815081430.A7983@sheol.localdomain>

Hello All.

This is old business (Feb 2001), but "modulus@icmp.dhs.org" had written 
a script for /etc/periodic/daily to include messages logged by 'ipmon' in
the daily security mailing. I borrowed a bit of his script, but took a
different approach, which I think more elegant.

Please review and comment. Perhaps the Right People(tm) can forward it to
the Other Right People(tm) for the -CURRENT and/or -STABLE CVS trees?

This is from FreeBSD-4.2REL, incidentally. I had switched from 'ipfw' to
the kernel's ipfilter yesterday, and was dismayed to find nothing in the
daily security mailing this morning. This may already be remedied for
current and future releases?

---8<---

--- /etc/security       Mon Nov 20 06:03:04 2000
+++ security    Wed Aug 15 07:54:06 2001
@@ -43,6 +43,9 @@
   [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
   [ -f $LOG/messages.0 ] && cat $LOG/messages.0
   [ -f $LOG/messages ] && cat $LOG/messages
+  [ -f $LOG/security.0.gz ] && zcat $LOG/security.0.gz
+  [ -f $LOG/security.0 ] && cat $LOG/security.0
+  [ -f $LOG/security ] && cat $LOG/security
 }
 
 sflag=FALSE ignore=
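
Review bot: Appending the three security* files inside catmsgs changes the input of every caller of catmsgs, not only the new ipfilter block, so a line that syslog writes to both $LOG/messages and $LOG/security will be seen twice by any other check that reads this function. A separate helper that reads only the security log (for example a function named catsecmsgs, a hypothetical name), used only by the ipfilter section, would keep the existing checks unchanged. Note also that the last command in the function is now `[ -f $LOG/security ] && cat $LOG/security`, so catmsgs returns non-zero on a host that has no security log. The hunk assumes ipmon output is routed to $LOG/security, which depends on the syslog configuration; a comment stating that assumption would help.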
@@ -160,6 +163,15 @@
                echo "ipfw log limit reached:"
                cat ${TMP}
        fi
+fi
+
+# Show ipfilter log messages
+#
+if n=$(catmsgs | grep -i "^$yesterday.*ipmon" | tee ${TMP} | wc -l); then
+        [ $n -gt 0 -a $rc -lt 1 ] && rc=1
+        separator
+        echo "${host} ipfilter log messages:"
+        cat ${TMP} | awk '{ match($0, $6); printf "%s\n", substr($0, RSTART) }'
 fi
 
 # Show kernel log messages
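
Review bot: The condition in `if n=$(catmsgs | grep -i "^$yesterday.*ipmon" | tee ${TMP} | wc -l); then` is the exit status of `wc -l`, which is zero whether or not anything matched, so the separator and the "ipfilter log messages:" header are printed every day even when ${TMP} is empty. Guard the output on the count instead, for example by assigning n first and then testing `[ $n -gt 0 ]` around the separator, echo and awk lines. In the awk line, `match($0, $6)` treats the sixth field as a regular expression, so a field containing characters such as `[`, `]` or `.` can fail to match or match at the wrong place, and on a failed match RSTART is 0 and the whole line is printed; `index($0, $6)` gives a literal search, and awk can read ${TMP} directly without `cat`. The grep pattern also matches any line from yesterday that mentions "ipmon" anywhere, in any case, not only lines logged by ipmon itself.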

--->8---

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

