On Tue, 22 Feb 2005, Matteo Riondato wrote:

> Hi folks,
> I think there's a little mistake
> in /etc/periodic/security/security.functions:
>
> if check_diff() is called with "new_only" as its first argument, as it
> is in /etc/periodic/security/520.pfdenied (and 500.ipfwdenied), it will
> use "grep '^>'" as a filter to grep only the different lines between the
> output of "pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0;
> getline; gsub(" +"," ",$0); print buf$0;} }'" and /var/log/pf.today .
>
> The diff between the output and the file is done with
> diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT
> and the filter is "piped" after this command, so we have:
>
> diff {daily_status_security_diff_flags} /var/log/pf.today $OUTPUT | grep
> '^>'
>
> but daily_status_security_diff_flags is set to "-b -u"
> in /etc/defaults/periodic.conf so there aren't lines beginning with ">",
> because we are doing a unified diff. The filter then gives no output
> and the only output of /etc/periodic/security/520.pfdenied is
>
> $HOSTNAME pf denied packets:
>
> This can be solved changing $filter from "grep '^>'" to "grep '^+'"
> in /etc/periodic/security/security.functions, line 46.

Or take the -u out of the default, which I think is the intended behavior,
looking at the commit logs. The daily_status_security_diff_flags option
predates the pf scripts by about 3 months so I'm not sure how that got
past testing :)

Please send-pr this and poke mlaier and keramida about it.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite_at_gumbysoft.com       |  www.FreeBSD.org

Received on Tue Feb 22 2005 - 17:06:16 UTC
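The filter mismatch discussed in this thread can be reproduced offline. The following is an added example, not code from the messages above or from the FreeBSD scripts; the helper `count_new`, the temporary file names and the sample rule lines are constructed for illustration. It counts how many lines survive each diff-flags/filter combination, including the `+++` header line that a plain `'^+'` filter also matches in unified output.

```shell
#!/bin/sh
# Constructed sample data standing in for /var/log/pf.today and the fresh
# pfctl output; the rule text and counters are invented for illustration.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
old="$workdir/pf.today"
new="$workdir/pf.new"
printf '%s\n' \
    'block in on em0 all [ Packets: 10 ]' \
    'block in on em1 all [ Packets: 3 ]' > "$old"
printf '%s\n' \
    'block in on em0 all [ Packets: 10 ]' \
    'block in on em1 all [ Packets: 7 ]' \
    'block out on em0 all [ Packets: 1 ]' > "$new"

# count_new FLAGS REGEX (hypothetical helper): run diff with FLAGS, then
# count the lines that survive the "new only" filter REGEX.
count_new() {
    # $1 is left unquoted on purpose so "-b -u" splits into two options.
    # diff exits 1 when the files differ and grep exits 1 on zero matches;
    # neither is an error here.
    diff $1 "$old" "$new" | grep -c -- "$2" || true
}

# Normal diff marks new lines with ">", so the original filter works.
echo "diff -b    | grep '^>'     : $(count_new '-b' '^>')"
# Unified diff has no ">" lines: the report body silently goes empty.
echo "diff -b -u | grep '^>'     : $(count_new '-b -u' '^>')"
# '^+' finds the new lines but also the "+++ file" header line.
echo "diff -b -u | grep '^+'     : $(count_new '-b -u' '^+')"
# Excluding a second "+" drops the header (assumes no rule line begins
# with "+", which holds for the "block ..." lines used here).
echo "diff -b -u | grep '^+[^+]' : $(count_new '-b -u' '^+[^+]')"
```

An empty report from a security check looks the same as "nothing new was denied", which is why a filter that can never match is worth catching with a known-different input like this one.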