Remko Lodder
217d9e4862
Only match on log messages containing fail,invalid,
...
bad or illegal. This prevents matching on systems that
have a name that matches the query.
PR: conf/107560
Submitted by: Christian Laursen <cfsl at pil dot dk>
MFC after: 3 days
Approved by: imp (mentor)
2007-02-23 21:42:54 +00:00
Remko Lodder
4ee46876eb
Move to the preferred syntax for nice (-n) instead
...
of the depricated one.
PR: conf/108611
Submitted by: TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp>
Approved by: imp (mentor)
2007-02-23 18:44:20 +00:00
John Polstra
bd4dbd7879
Use egrep instead of grep so that reporting of login failures (broken
...
by revision 1.6) works again. This fix is already in RELENG_6, but was
never committed to HEAD.
2007-02-05 16:36:25 +00:00
Ruslan Ermilov
ca7f20f57f
The kvm_mkdb(8) is long dead.
2006-08-29 08:49:58 +00:00
Tom Rhodes
b5aea37f80
Add login.conf checking to periodic security scripts. If the login.conf file
...
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
Head nod: ru, rwatson
2006-08-25 07:34:36 +00:00
Maxim Konovalov
e64917677e
o Add missed $start variable in the grep statement back.
...
PR: conf/96658
Submitted by: James Snow
MFC after: 1 week
2006-06-11 20:39:12 +00:00
Max Laier
9277da52e1
Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.
...
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
2006-05-12 19:17:34 +00:00
Matteo Riondato
846bc8c6f4
Fix output and exit status when daily_mailq_shorten is set to YES
...
PR: conf/93472
MFC after: 3
2006-03-08 17:26:53 +00:00
Matteo Riondato
fe468fe9c0
Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs
...
PR: conf/70973
Submitted by: Ryan Sommers" <ryans@gamersimpact.com>
Approved by: philip (mentor)
MFC after: 3 days
2006-03-05 15:45:38 +00:00
Christian Brueffer
9ccfd1e437
Add periodic scripts that check the status of graid3(8), gstripe(8)
...
and gconcat(8) devices, respectively.
Approved by: rwatson (mentor)
2006-03-02 14:44:19 +00:00
Matteo Riondato
2da6fa9f1f
When there are no interesting information in output, exit with 0.
...
PR: conf/92299
Submitted by: Petr Rehor <prehor@gmail.com>
Approved by: philip (mentor)
MFC after: 3 days
2006-02-07 08:21:06 +00:00
Maxim Konovalov
eb6b185e1e
o Add 406.status-gmirror, sort.
...
Submitted by: brueffer
2006-01-21 20:16:30 +00:00
Garrett Wollman
9960bd718b
Add a daily script to show the status of gmirror(8) devices.
2006-01-13 18:07:52 +00:00
Doug Barton
a2362f35f6
Update the test for failed zone transfers to reflect BIND 9.3.1 semantics
...
Simplify the shell scripting a bit, and remove a useless grep | sed
The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.
PR: conf/74228
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
2005-11-22 22:24:27 +00:00
Maxim Konovalov
17793b6ae5
A new version of rev. 1.4: postpone a temporary file creation
...
until we realize if ipfw(4) ever used.
PR: bin/85970
Submitted by: Andre Albsmeier
MFC after: 3 days
2005-09-11 14:29:58 +00:00
Gleb Smirnoff
fcb3c1b182
Fix braino in last commit. Print nothing if ipfw(4) is not present.
2005-08-31 08:31:14 +00:00
Colin Percival
d7883da19f
When looking for new lines in diff output, grep for '^[>+]' instead of
...
'^>', in order to catch both normal and unified diffs.
Problem reported by: volker at vwsoft dot com via -stable
MFC after: 3 days
2005-08-22 09:33:36 +00:00
Gleb Smirnoff
07d6ed30ec
- Correctly parse output, when logging amount is limited in the
...
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
their own log limits.
PR: conf/77929
Submitted by: Andriy Gapon [1]
Reviewed by: matteo
2005-08-20 09:41:49 +00:00
Ruslan Ermilov
8aad57438b
Purge orphan catpages.
...
PR: conf/35242
Submitted by: Annihilator <annihilator.c@usa.net>
2005-03-30 18:02:49 +00:00
Suleiman Souhlal
71b7f1cffb
Replace "ipfw l", which is now deprecated, with "ipfw list".
...
Approved by: grehan (mentor)
2005-02-23 15:07:36 +00:00
Gleb Smirnoff
aed9792fae
Don't do setuid checks on file systems mounted with noexec option.
...
Reviewed by: brian, ru
MFC after: 1 week
2005-01-13 15:07:35 +00:00
Brian Somers
b96d69488c
Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
...
As there are no tabs in maillog, reduce the expression so that only spaces
are used.
Problem raised by: Leif Neland root at internet dot dk
2005-01-12 01:31:21 +00:00
Brian Somers
b389bf7570
Oops, the < in arg1=< is optional - treat it as such!
2005-01-11 10:54:38 +00:00
Brian Somers
cd3384a7ec
Adjust the mail reject output so that it gives an abreviated reason for the
...
reject. For example:
Checking for rejected mail hosts:
48 getherbalnow.info (451... resolve)
46 absorb.com (451... resolve)
4 tgmart01.codns.com (553... exist)
3 kali.com.cn (451... resolve)
2 genie.com (451... resolve)
1 zv.qy (553... exist)
1 zd.hinet.hr (553... exist)
....
The bit in parenthesis is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).
While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.
I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....
PR: 17377
Idea from: root at ns dot internet dot dk
MFC after: 7 days
2005-01-11 02:08:53 +00:00
Brian Somers
ea7e63ea87
Collapse "fgrep | egrep | sed" down to a single sed.
...
This also trims extraneous commas from domain names.
MFC after: 7 days
2005-01-11 01:47:44 +00:00
Ruslan Ermilov
e653b48c80
Start the dreaded NOFOO -> NO_FOO conversion.
...
OK'ed by: core
2004-12-21 08:47:35 +00:00
Max Laier
66754ab3f1
Teach periodic(8) security output to display information about blocked
...
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets:
> block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
Bytes: 0 States: 0 ]
> block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
States: 0 ]
Submitted by: clive (thanks a lot!)
MFC after: 2 weeks
2004-11-24 18:41:53 +00:00
Joseph Koshy
59583bf53c
Add a knob 'daily_status_security_diff_flags' controlling the
...
format of the 'diff' output generated during periodic(8) scripts.
Submitted by: keramida (script changes)
Reviewed by: keramida (man page changes)
2004-09-23 02:00:52 +00:00
Josef Karthauser
bb1e7a5e19
Allow the location of the INDEX file to specified to pkg_version.
...
This is particularly convenient on a cluster of machines to prevent
having to rebuild the INDEX file on each.
Reviewed by: portmgr
2004-05-19 09:18:08 +00:00
Darren Reed
167992ad9a
Add script for checking ipv6 blocked packets from PR.
...
PR: misc/50154
Submitted by: Kimura Fuyuki <fuyuki@hadaly.org>
2004-04-20 13:44:57 +00:00
Andrey A. Chernov
6fec5a9e2a
Don't remove empty dirs if their names are in $daily_clean_tmps_ignore
2004-02-28 04:58:40 +00:00
Gregory Neil Shapiro
75d80d9541
Use hoststat/purgestat instead of sendmail -bh/-bH so the calls can
...
be properly mailwrapper'ed.
PR: conf/60676
Submitted by: Colin Percival <cperciva@daemonology.net>, maxim
MFC after: 4 days
2004-01-02 18:50:22 +00:00
Ruslan Ermilov
9ef295f29e
Use %e in the date(1) format string to eliminate the sed(1) command.
2003-11-07 21:55:35 +00:00
Jesper Skriver
9eebf81523
Add status checking of ATA raid to the daily periodic scripts.
2003-10-27 20:14:53 +00:00
Mike Makonnen
3b5ba84fd2
Have mktemp(1) construct the temporary file name for us instead
...
of providing a template manually.
Submitted by: Lars Eggert <larse@isi.edu>
2003-06-30 22:06:26 +00:00
John Baldwin
711c2e1de2
Remove 220.backup-distfile since it has been deleted.
...
Reported by: mdodd
Pointy hat to: jhb
2003-04-01 20:32:01 +00:00
John Baldwin
3165d2ea56
Complete removal of 320.rdist by removing its entry from periodic.conf and
...
removing the related 220.backup-distfile script and associatd periodic.conf
entry.
Discussed with: obrien
2003-04-01 17:45:27 +00:00
David E. O'Brien
1b79399c2b
320.rdist is OBE as we don't have rdist in the base system any more.
2003-03-29 03:28:28 +00:00
David E. O'Brien
d19c3acb44
This is OBE as we don't have rdist in the base system any longer.
2003-03-29 03:27:49 +00:00
Garrett Wollman
de1d122868
Do not do manually what sendmail(8) can do better automatically.
...
Tell sendmail to clean up its own host status cache.
The error condition handling could probably be done better.
2003-01-08 18:51:45 +00:00
Stefan Eßer
2068678af4
Add support for bzip2ed log files.
2003-01-05 21:32:50 +00:00
Giorgos Keramidas
0333ea509d
Avoid using perl in the periodic & security scripts. This brings the
...
base system one step closer to being totally perl-free.
Approved by: re (jhb)
2002-12-07 23:37:44 +00:00
Thomas Quinot
da509dd293
Do not emit a message on stderr when one of the compared files
...
is shorter than the other.
Reviewed by: roberto
MFC after: 3 days
2002-11-16 14:58:39 +00:00
Thomas Quinot
68c2bacd8d
Remove incorrect output redirection.
...
Reviewed by: roberto
Committed from: EuroBSDCon Amsterdam
MFC after: 3 days
2002-11-16 14:57:12 +00:00
Thomas Quinot
77ee1b9798
Add newly-added sripts to FILES.
...
Reviewed by: roberto
2002-10-25 15:23:26 +00:00
Thomas Quinot
7644e396f3
Add a new /etc/periodic/security script to check for packets
...
rejected by ipfilter (510.ipfdenied), and a corresponding periodic.conf
knob (daily_status_security_ipfdenied_enable).
Reviewed by: roberto
Approved by: re@
2002-10-25 15:16:54 +00:00
Thomas Quinot
cb9eff8a9e
Factor out code across various /etc/periodic/security scripts into a
...
separate file, /etc/periodic/security/security.functions.
Reviewed by: roberto (mentor)
Approved by: re@
2002-10-25 15:14:16 +00:00
Joerg Wunsch
6e84ba78c1
When considering temporary files for deletion, don't examine the mtime
...
and atime only, but also the ctime. Otherwise, files extracted from
tar or zip archives will immediately be declared stale since they've
got their mtime reset to the original mtime.
Reviewed by: brian
MFC after: 1 week
2002-10-06 18:48:20 +00:00
Brian Somers
df93d794dc
Add a pkg_version variable so that it's possible to run portsversion instead
...
of pkg_version in periodic/weekly/400.status-pkg.
2002-09-25 03:01:42 +00:00
Andrey A. Chernov
15897030c6
Make it work with POSIX sort (POS arg).
...
All old sorts understand -k too.
2002-09-24 18:53:46 +00:00
Crist J. Clark
10f23b4ad0
Only create a temporary file if we are actually going to do something
...
in the script. Eliminates a bug where we create a temp file, but don't
delete it since the rm(1) is only done if the check is enabled.
PR: bin/40960
Submitted by: frf <frf@xocolatl.com>
MFC after: 3 days
2002-08-25 04:09:17 +00:00
Jens Schweikhardt
f017edb1bf
o Test and change to the correct directory, /var/spool/.hoststat
...
o Bring if/then style in sync with /etc/rc scripts
PR: conf/41570
Submitted by: Konstantin M Volevatch <cox@rosnet.ru>
MFC after: 1 week
2002-08-12 11:09:01 +00:00
Gregory Neil Shapiro
b31d4126e3
If all file systems are marked nosuid, the line:
...
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
sets ${MP} to an empty string so the next line:
set ${MP}
actually just dumps all of the shells variables to stdout (and therefore
the security report). Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.
Reviewed by: brian
MFC after: 3 days
2002-08-03 22:33:34 +00:00
Ruslan Ermilov
bff0acee63
Install scripts via FILES (purposedly not via SCRIPTS that would
...
strip the suffixes).
2002-07-18 12:33:01 +00:00
Ruslan Ermilov
0b87f79976
s/${INSTALL} -c/${INSTALL} ${COPY}/
2002-07-18 12:07:49 +00:00
Brian Somers
103efc95e8
Mention that we're checking kernel log messages, even if there's
...
no output.
PR: 39618
MFC after: 1 week
2002-06-28 10:32:18 +00:00
Brian Somers
9e280368ad
Temporarily change our umask to 066 so that the potential creation
...
of wtmp.0 is done as mode 600.
This ensures that tight permissions set in /etc/newsyslog.conf for
wtmp logging aren't ``betrayed''.
Suggested by: lumpy <lumpy@the.whole.net>
MFC after: 3 days
2002-05-17 14:05:08 +00:00
Brian Somers
740b91b560
Change `dmesg -a'' to
`dmesg''.
...
The change was introduced in src/etc/security 1.53 almost a year ago
in an attempt to see ipfw deny message logs.
However, ipfw deny/reject logs have been displayed since version 1.13
of the same file as a separate ``job'' and have since moved to
src/etc/periodic/security/500.ipfwdenied.
MFC after: 3 days
2002-05-17 13:38:36 +00:00
Brian Somers
db1d04d6d9
Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp}
...
Problem reported by: lumpy <lumpy@the.whole.net>
MFC after: 3 days
2002-05-17 11:34:12 +00:00
Brian Somers
afa3985979
Return 3 unless $daily_status_security_enable != YES.
...
Returning $? masks security output when ``periodic security'' is successful !
MFC after: 3 days
2002-05-17 11:31:45 +00:00
Brian Somers
9472aac628
Fix the output when daily_status_mailq_shorten is set to YES
...
PR: 23766
Mostly submitted by: lambert@ssabsd.csw.net
MFC after: 3 days
2002-05-07 13:11:05 +00:00
Crist J. Clark
f5a8f1482c
Remove leading whitespace from the setuid file lists.
...
Due to the way we run ls(1), through xargs(1), the leading whitespace
can change even when the setuid files haven't. To avoid displaying
these lines, we currently run diff(1) with the '-w' option. However,
this is probably not the ideal way to go; there is a very, very small
possibility for diff(1) to miss things is shouldn't. So, with the
leading space cleaned, we can revert to the '-b' option which is
"safer."
PR: conf/37618
Reviewed by: brian
MFC after: 3 days
2002-05-05 00:59:37 +00:00
Brian Somers
ee9336d9b7
Handle .bz2 files created by newsyslog
...
PR: 37529
Partially submitted by: Peter Hollaubek <fifteen@inext.hu>
MFC after: 1 week
2002-04-30 17:07:32 +00:00
Gregory Neil Shapiro
14a349d554
Update mail queue related periodic scripts to account for sendmail 8.12's
...
clientmqueue (submit mail queue).
The new mailq display is only active if both the old
daily_status_mailq_enable is set to "YES" and the new
daily_status_include_submit_mailq is set to "YES" so people who disabled
440.status-mailq won't have any surprises.
Likewise, the new queue run is only active if both the old
daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun
is set to "YES" so people who disabled 500.queuerun won't have any
surprises.
While I am here, remove the [ ! -d /var/spool/mqueue ] checks from
both scripts as the queue directory isn't always /var/spool/mqueue for
the main daemon -- it can be set to anything in the sendmail.cf file.
MFC after: 1 week
2002-04-10 03:58:40 +00:00
Robert Watson
2e1fc052bc
No need to explicitly check for both cases when using grep -i.
2002-03-12 21:44:33 +00:00
Robert Watson
cd9281b380
Update login failure checking to check auth.log instead of messages,
...
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net .
2002-03-11 19:39:08 +00:00
Crist J. Clark
90bbf5454c
Environmental variable was not being passed to a subshell as intended.
...
PR: bin/35558
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
2002-03-05 19:13:05 +00:00
Brian Somers
55ade43025
Set rc=1 rather than 0 so that setting daily_show_success=YES masks
...
the output of all goes well.
PR: 34825
Submitted by: Valentin Nechayev <netch@netch.kiev.ua>
MFC after: 3 weeks
2002-02-13 19:10:07 +00:00
Crist J. Clark
d15413fe2f
Fix a stray character that found its way into a filename.
2001-12-14 22:25:04 +00:00
Ruslan Ermilov
ac47c95eea
Work around the bugfeature of test(1).
...
PR: bin/32822
2001-12-14 08:58:21 +00:00
Crist J. Clark
2204f3ce42
Long ago, there was just /etc/daily. Then /etc/security was split out
...
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.
Reviewed by: ru
Approved by: ru
2001-12-07 23:57:39 +00:00
Mike Silbersack
b5c013b6b9
Make sure the security check output includes a To: line in the
...
same way the daily run output does.
2001-11-28 04:07:03 +00:00
Brian Somers
6eb9bd2d1f
Handle wtmp.0 being compressed
...
PR: 32113
Submitted by: Yar Tikhiy <yar@comp.chem.msu.su>
MFC after: 1 week
2001-11-20 15:01:24 +00:00
Crist J. Clark
6d852b5bdb
After further discussion on -CURRENT, some people (jhb) do not like
...
the idea of not masking passwords on comments in case the
administrator comments out an entry without clearing the
password. Instead completely ignore comments (since they have no
security impact) when doing the diff of the old and new passwd file.
Suggested by: rwatson
2001-11-14 09:30:01 +00:00
Crist J. Clark
c2f9738fda
No need to hide stuff in the $FreeBSD$ tag or in other comments like,
...
Backup passwd and group files:
1c1
< # $FreeBSD:(password):09:07 peter Exp $
---
> # $FreeBSD:(password):27:16 ache Exp $
MFC after: 1 week
2001-11-11 07:15:19 +00:00
Kris Kennaway
7080a34335
UUCP removal Phase III.
2001-10-01 06:27:44 +00:00
Kris Kennaway
77fb35234d
Run the uustat command as the uucp user, not as root.
2001-09-09 05:53:01 +00:00
Brian Somers
c5f947aa7f
Remove $daily_status_named_logs and figure out which /var/log/messages*
...
files to look an (in the same way that /etc/security does).
Don't single-quote $start, reducing it to an empty string.
MFC after: 3 days
2001-07-26 02:37:12 +00:00
Brian Somers
cce7f73d72
Don't try to remove directories unless we've emptied them first
...
Submitted by: NIIMI Satoshi <sa2c@and.or.jp>
PR: 28355
MFC after: 1 week
2001-07-19 12:08:24 +00:00
Anton Berezin
33ea028f0f
Recognize and support new output which pkg_version(1) might produce.
...
PR: 27707
Approved by: bmah, markm
2001-06-11 21:31:50 +00:00
Doug Barton
ebb4c1b9a4
Small adjustment to whitespace in output
2001-06-01 16:40:57 +00:00
Ruslan Ermilov
0b381bf1fd
Remove vestiges of MFS.
2001-06-01 10:07:28 +00:00
Doug Barton
311176d1c5
Truly limit the path to local filesystems.
2001-05-31 09:53:53 +00:00
Brian Somers
f8fb1acb36
Default daily_accounting_flags to -q. I thought this was a typo in the
...
originally submitted patch (oops!).
Also check for an empty $daily_accounting_save.
Submitted by: Udo Schweigert <Udo.Schweigert@cert.siemens.de>
2001-05-30 20:23:43 +00:00
Brian Somers
c4d5bb5129
Add $daily_accounting_save and $daily_accounting_flags
...
Submitted by: Udo Schweigert <Udo.Schweigert@cert.siemens.de>
MFC after: 2 weeks
2001-05-30 16:46:53 +00:00
Dirk Froemberg
2828b33147
Add 470.status-named.
...
Reminded by: gshapiro
2001-05-11 09:32:48 +00:00
Josef Karthauser
dc9c693750
Remind the user that they need to check CPAN manually for updates
...
to perl5 modules installed by hand.
2001-04-28 16:15:50 +00:00
Ruslan Ermilov
2c1f07ae14
Fixed typo.
...
PR: bin/26836
Submitted by: Matthew Seaman <matthew.seaman@tornadogroup.com>
2001-04-25 12:11:54 +00:00
Dirk Froemberg
56f25ab092
Check for denied zone transfers (AXFR and IXFR).
2001-04-21 22:36:30 +00:00
Brian Somers
a1f792ba64
Identify obsolete ports
2001-03-25 11:35:22 +00:00
Ruslan Ermilov
afcf05e46a
setlocale(3) has been fixed to match POSIX standard:
...
LC_ALL takes precedence over other LC_* envariables.
2001-03-02 16:52:14 +00:00
Andrey A. Chernov
fa94f1388d
Add 500.queuerun
2001-02-19 07:12:37 +00:00
Peter Wemm
6edba32695
Move the sendmail -q from cron to periodic, as suggested by a few people.
...
This has the benefit of adding a random start time element as daily
processing takes a different amount of time on different machines.
2001-02-19 02:47:42 +00:00
Brian Somers
afcf65b56b
Allow the output of /etc/security to be logged or mailed to different
...
users in line with ${daily,weekly,monthly}_output using a new
$daily_status_security_output variable.
PR: 24643
2001-01-30 10:24:18 +00:00
Brian Somers
542e394c1c
Cope with ports that have multiple versions *and* have embedded ``-''s
...
in their name.
2001-01-02 15:17:59 +00:00
Brian Somers
7d9e9f8884
Understand ``multiple versions'' lines emitted from pkg_version.
2001-01-02 13:28:47 +00:00
Brian Somers
f02b264114
Handle multiple words in $daily_clean_disks_files
...
PR: 23805
Submitted mostly by: Norbert Papke <npapke@telus.net>
2000-12-24 03:22:45 +00:00
Doug Barton
9fc9ecb643
Finish the job of conditionalizing UUCP by preventing files in /etc/uucp
...
from being installed, and make rmail conditional on neither of
NO_SENDMAIL and NOUUCP.
PR: bin/21321
Submitted by: Me
2000-10-29 06:57:59 +00:00
Brian Somers
0655ee8d72
Case is irrelevant when sorting mail redirects
...
PR: 21600
Submitted by: David Wolfskill <dhw@whistle.com>
2000-10-02 21:54:38 +00:00
Brian Somers
ca60fa1ad6
Remove a forgotten line
...
Submitted by: Philipp Mergenthaler <un1i@rz.uni-karlsruhe.de>
2000-09-22 06:54:28 +00:00