Date:      Tue, 22 Feb 2005 10:06:16 -0800 (PST)
From:      Doug White <dwhite@gumbysoft.com>
To:        Matteo Riondato <rionda@gufi.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Question about periodic
Message-ID:  <20050222095536.E97883@carver.gumbysoft.com>
In-Reply-To: <1109071079.1390.21.camel@kaiser.sig11.org>
References:  <1109071079.1390.21.camel@kaiser.sig11.org>

On Tue, 22 Feb 2005, Matteo Riondato wrote:

> Hi folks,
> I think there's a little mistake
> in /etc/periodic/security/security.functions:
>
> if check_diff() is called with "new_only" as its first argument, as it
> is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will
> use "grep '^>'" as a filter to grep only the different lines between the
> output of "pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0;
> getline; gsub(" +"," ",$0); print buf$0;} }'" and /var/log/pf.today .
>
> The diff between the output and the file is done with
> diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT
> and the filter is "piped" after this command, so we have:
>
> diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT | grep
> '^>'
>
> but daily_status_security_diff_flags is set to "-b -u"
> in /etc/defaults/periodic.conf so there aren't lines beginning with ">",
> because we are doing a unified diff. The filter then gives no output
> and the only output of /etc/periodic/security/520.pfdenied is
>
> $HOSTNAME pf denied packets:
>
> This can be solved by changing $filter from "grep '^>'" to "grep '^+'"
> in /etc/periodic/security/security.functions, line 46.

Or take the -u out of the default, which I think is the intended behavior,
looking at the commit logs.  The daily_status_security_diff_flags option
predates the pf scripts by about 3 months so I'm not sure how that got
past testing :)

Please send-pr this and poke mlaier and keramida about it.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org
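
Added example (not part of the original message or of FreeBSD's periodic scripts): a small reproduction of the filter mismatch discussed above, counting how many diff lines survive each filter under "-b" and under "-b -u". The rule lines and the count_new helper are constructed for illustration; the last pattern, '^+[^+]', is an assumption added here to show that a plain '^+' also matches the "+++" file header of a unified diff.

```shell
#!/bin/sh
# count_new FLAGS PATTERN
#   Diff a constructed "yesterday" file against a constructed "today"
#   output using FLAGS, then print how many lines match PATTERN.
#   (Hypothetical helper; mirrors the diff | grep pipeline in the thread.)
count_new() {
    flags=$1
    pattern=$2
    tmp=$(mktemp -d) || return 1

    # Constructed sample data standing in for /var/log/pf.today
    printf '%s\n' \
        'block in on em0 all [ Packets: 10 ]' \
        'block in on em1 all [ Packets: 3 ]' > "$tmp/pf.today"

    # Constructed sample data standing in for the new pfctl output
    printf '%s\n' \
        'block in on em0 all [ Packets: 10 ]' \
        'block in on em1 all [ Packets: 7 ]' \
        'block out on em0 all [ Packets: 1 ]' > "$tmp/output"

    # $flags is left unquoted on purpose so "-b -u" splits into two options.
    # grep -c exits 1 when nothing matches, hence the "|| true".
    n=$(diff $flags "$tmp/pf.today" "$tmp/output" | grep -c "$pattern" || true)

    rm -rf "$tmp"
    echo "$n"
}

# Show all four combinations discussed in the thread, plus the header caveat.
echo "flags='-b'    filter='^>'     -> $(count_new '-b' '^>') line(s)"
echo "flags='-b -u' filter='^>'     -> $(count_new '-b -u' '^>') line(s)"
echo "flags='-b -u' filter='^+'     -> $(count_new '-b -u' '^+') line(s)"
echo "flags='-b -u' filter='^+[^+]' -> $(count_new '-b -u' '^+[^+]') line(s)"
```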


