From 0333ea509d98c356e1685d41085113d00ac10ea6 Mon Sep 17 00:00:00 2001 From: Giorgos Keramidas Date: Sat, 7 Dec 2002 23:37:44 +0000 Subject: [PATCH] Avoid using perl in the periodic & security scripts. This brings the base system one step closer to being totally perl-free. Approved by: re (jhb) --- etc/periodic/daily/440.status-mailq | 4 +- etc/periodic/daily/460.status-mail-rejects | 5 ++- etc/periodic/daily/470.status-named | 46 +++++++++++----------- etc/periodic/security/550.ipfwlimit | 6 ++- etc/periodic/security/650.ip6fwlimit | 6 ++- 5 files changed, 36 insertions(+), 31 deletions(-) diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq index 90869d82245c..0aad05359ebf 100755 --- a/etc/periodic/daily/440.status-mailq +++ b/etc/periodic/daily/440.status-mailq @@ -25,7 +25,7 @@ case "$daily_status_mailq_enable" in rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | @@ -45,7 +45,7 @@ case "$daily_status_mailq_enable" in rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq -Ac | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects index 1c7f071f4fbd..596af492cd6b 100755 --- a/etc/periodic/daily/460.status-mail-rejects +++ b/etc/periodic/daily/460.status-mail-rejects @@ -51,8 +51,9 @@ case "$daily_status_mail_rejects_enable" in done cat /var/log/maillog } | - perl -ne "print \"\$2\n\" - if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | + fgrep 'reject=' | + egrep -e "^$start.*ruleset=check_[^[:space:]]+,[[:space:]]+arg1=(<[^@]+@)?([^>,]+).*reject=.*" | + sed -e 's/.*arg1=//' -e 's/.*@//' -e 's/[>[:space:]].*$//' | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 fi;; diff --git a/etc/periodic/daily/470.status-named b/etc/periodic/daily/470.status-named index 30507474b490..795c18c0f048 100755 --- a/etc/periodic/daily/470.status-named +++ b/etc/periodic/daily/470.status-named @@ -25,30 +25,30 @@ case "$daily_status_named_enable" in start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` rc=$(catmsgs | - perl -ne 'print "$2 from $1\n" - if (/^'"$start"'.*named\[\d+\]: denied [AI]XFR from \[(.*)\]\.\d+ for "(.*)"/);' | - sort -f | uniq -ic | - perl -e ' - use Socket; + fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \ + sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/' + sort -f | uniq -ic | ( + usedns=0 + if [ X"${daily_status_named_usedns}" != X"" ]; then + case $daily_status_named_usedns in + [yY][eE][sS]) usedns=1 ;; + esac + fi - while () { - if (/^.*from (.*)$/) { - $ip_addr = $1; - chomp; - if ($ARGV[0] =~ /^yes$/i) { - ($host) = gethostbyaddr(inet_aton($ip_addr), AF_INET); - } else { - $host = ""; - } - - if ($host) { - print "$_ ($host)\n"; - } else { - print "$_\n"; - } - } - } - ' $daily_status_named_usedns | tee /dev/stderr | wc -l) + while read line ;do + ipaddr=`echo "$line" | sed -e 's/^.*from //'` + if [ $usedns -eq 1 ]; then + name=`host "${ipaddr}" 2>/dev/null | \ + grep 'domain name pointer' | \ + sed -e 's/^.* //'` + fi + if [ X"${name}" != X"" ]; then + echo "${line} (${name})" + else + echo "${line}" + fi + done ) | \ + tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 ;; diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit index 653dcf16a0e2..d033645c1830 100755 --- a/etc/periodic/security/550.ipfwlimit +++ b/etc/periodic/security/550.ipfwlimit @@ -45,8 +45,10 @@ case "$daily_status_security_ipfwlimit_enable" in TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then - ipfw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} + ipfw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" diff --git a/etc/periodic/security/650.ip6fwlimit b/etc/periodic/security/650.ip6fwlimit index 3a19c9981c12..56cdf282ea96 100755 --- a/etc/periodic/security/650.ip6fwlimit +++ b/etc/periodic/security/650.ip6fwlimit @@ -45,8 +45,10 @@ case "$daily_status_security_ip6fwlimit_enable" in TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then - ip6fw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP} + ip6fw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo ""