Avoid using perl in the periodic & security scripts. This brings the

base system one step closer to being totally perl-free.

Approved by:	re (jhb)

etc/periodic/daily/440.status-mailq

@@ -25,7 +25,7 @@ case "$daily_status_mailq_enable" in
 	    rc=$(case "$daily_status_mailq_shorten" in
 		[Yy][Ee][Ss])
 		    mailq |
-			perl -ne  'print if /^\s+\S+@/' |
+			egrep -e '^[[:space:]]+[^[:space:]]+@' |
 			sort |
 			uniq -c |
 			sort -nr |
@@ -45,7 +45,7 @@ case "$daily_status_mailq_enable" in
 		    rc=$(case "$daily_status_mailq_shorten" in
 			[Yy][Ee][Ss])
 			    mailq -Ac |
-				perl -ne  'print if /^\s+\S+@/' |
+				egrep -e '^[[:space:]]+[^[:space:]]+@' |
 				sort |
 				uniq -c |
 				sort -nr |

etc/periodic/daily/460.status-mail-rejects

@@ -51,8 +51,9 @@ case "$daily_status_mail_rejects_enable" in
 		done
 		cat /var/log/maillog
 	    } |
-		perl -ne "print \"\$2\n\"
-		    if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" |
+		fgrep 'reject=' |
+		egrep -e "^$start.*ruleset=check_[^[:space:]]+,[[:space:]]+arg1=(<[^@]+@)?([^>,]+).*reject=.*" |
+		sed -e 's/.*arg1=//' -e 's/.*@//' -e 's/[>[:space:]].*$//' |
 		sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l)
 	    [ $rc -gt 0 ] && rc=1
 	fi;;

etc/periodic/daily/470.status-named

@@ -25,30 +25,30 @@ case "$daily_status_named_enable" in
 
 	start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'`
 	rc=$(catmsgs |
-	    perl -ne 'print "$2 from $1\n"
-		if (/^'"$start"'.*named\[\d+\]: denied [AI]XFR from \[(.*)\]\.\d+ for "(.*)"/);' |
-	    sort -f | uniq -ic | 
-	    perl -e '
-		use Socket;
+	    fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \
+	    sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/'
+	    sort -f | uniq -ic | (
+		usedns=0
+		if [ X"${daily_status_named_usedns}" != X"" ]; then
+			case $daily_status_named_usedns in
+			[yY][eE][sS])   usedns=1 ;;
+			esac
+		fi
 
-		while (<STDIN>) {
-			if (/^.*from (.*)$/) {
-				$ip_addr = $1;
-				chomp;
-				if ($ARGV[0] =~ /^yes$/i) {
-					($host) = gethostbyaddr(inet_aton($ip_addr), AF_INET);
-				} else {
-					$host = "";
-				}
-
-				if ($host) {
-					print "$_ ($host)\n";
-				} else {
-					print "$_\n";
-				}
-			}
-		}
-	    ' $daily_status_named_usedns | tee /dev/stderr | wc -l)
+		while read line ;do
+			ipaddr=`echo "$line" | sed -e 's/^.*from //'`
+			if [ $usedns -eq 1 ]; then
+				name=`host "${ipaddr}" 2>/dev/null | \
+				   grep 'domain name pointer' | \
+				   sed -e 's/^.* //'`
+			fi
+			if [ X"${name}" != X"" ]; then
+				echo "${line} (${name})"
+			else
+				echo "${line}"
+			fi
+		done ) | \
+		tee /dev/stderr | wc -l)
 	[ $rc -gt 0 ] && rc=1
 	;;
 

etc/periodic/security/550.ipfwlimit

@@ -45,8 +45,10 @@ case "$daily_status_security_ipfwlimit_enable" in
 	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
 	IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
 	if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
-	    ipfw -a l | grep " log " | perl -n -e \
-		'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
+	    ipfw -a l | grep " log " | \
+	    grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
+	    awk -v limit="$IPFW_LOG_LIMIT" \
+		'{if ($2 > limit) {print $0}}' > ${TMP}
 	    if [ -s "${TMP}" ]; then
 		rc=1
 		echo ""

etc/periodic/security/650.ip6fwlimit

@@ -45,8 +45,10 @@ case "$daily_status_security_ip6fwlimit_enable" in
 	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
 	IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
 	if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
-	    ip6fw -a l | grep " log " | perl -n -e \
-		'/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP}
+	    ip6fw -a l | grep " log " | \
+	    grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
+	    awk -v limit="$IPFW_LOG_LIMIT" \
+		'{if ($2 > limit) {print $0}}' > ${TMP}
 	    if [ -s "${TMP}" ]; then
 		rc=1
 		echo ""