Hi folks,

I think there's a little mistake in /etc/periodic/security/security.functions: if check_diff() is called with "new_only" as its first argument, as it is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will use "grep '^>'" as a filter to grep only the different lines between the output of

    pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }'

and /var/log/pf.today. The diff between the output and the file is done with

    diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT

and the filter is "piped" after this command, so we have:

    diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT | grep '^>'

but daily_status_security_diff_flags is set to "-b -u" in /etc/defaults/periodic.conf, so there aren't lines beginning with ">", because we are doing a unified diff. The filter then gives no output and the only output of /etc/periodic/security/520.pfdenied is:

    $HOSTNAME pf denied packets:

This can be solved by changing $filter from "grep '^>'" to "grep '^+'" in /etc/periodic/security/security.functions, line 46.

Best Regards
--
Rionda aka Matteo Riondato
GUFI Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
BSD-FAQ-it Main Developer (http://utenti.gufi.org/~rionda)
Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT
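The following is an added example, not part of the message above and not FreeBSD's own security.functions code. It reproduces the filter mismatch with two constructed files standing in for /var/log/pf.today and the pfctl output, using the same "-b -u" flags the post quotes from /etc/defaults/periodic.conf. The function names (filtered_diff, setup_samples, count_selected), the sample rule lines and the file names are assumptions made for the demonstration. Besides showing that '^>' selects nothing from a unified diff, it also shows one thing a practitioner reading the daily report should expect: '^+' matches the '+++' file header of the unified diff as well as the new lines, so a pattern such as '^+[^+]' is shown alongside as an alternative that keeps only the added rule lines.

```sh
#!/bin/sh
# Added example (not FreeBSD's security.functions): reproduce the filter
# mismatch with two constructed files instead of pf.today and pfctl output.

# Same default value as /etc/defaults/periodic.conf (quoted in the post).
daily_status_security_diff_flags="-b -u"

# Minimal stand-in for check_diff's "new_only" path: diff yesterday's file
# against today's output, then keep only the lines the filter selects.
#   $1 = yesterday's file   $2 = today's output   $3 = grep pattern
filtered_diff() {
    # Flags are deliberately unquoted so "-b -u" splits into two arguments.
    diff $daily_status_security_diff_flags "$1" "$2" 2>/dev/null | grep -- "$3"
}

# Create constructed sample data (rule lines and counters are made up).
# Prints the directory holding the two files.
setup_samples() {
    tmpdir=$(mktemp -d)
    cat > "$tmpdir/pf.today" <<'EOF'
block drop in all [ Evaluations: 10 Packets: 2 Bytes: 100 States: 0 ]
EOF
    cat > "$tmpdir/pf.output" <<'EOF'
block drop in all [ Evaluations: 20 Packets: 5 Bytes: 300 States: 0 ]
block drop in quick on em0 from 192.0.2.0/24 to any [ Evaluations: 3 Packets: 3 Bytes: 200 States: 0 ]
EOF
    echo "$tmpdir"
}

# Count the lines a given filter pattern lets through to the report.
count_selected() {
    dir=$(setup_samples)
    n=$(filtered_diff "$dir/pf.today" "$dir/pf.output" "$1" | wc -l | tr -d ' ')
    rm -rf "$dir"
    echo "$n"
}

# Unified diff has no '>' lines: the original filter passes nothing.
echo "lines kept by grep '^>'    : $(count_selected '^>')"
# '^+' passes the two changed rule lines plus the '+++ file' header.
echo "lines kept by grep '^+'    : $(count_selected '^+')"
# '^+[^+]' excludes the header and keeps only the added rule lines.
echo "lines kept by grep '^+[^+]': $(count_selected '^+[^+]')"
```

Running it prints the three counts; the first is 0, which is exactly why 520.pfdenied reported only its heading, while the second and third are 3 and 2 respectively.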
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:28 UTC