d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
124,887 Commits 4 Branches 49 Tags
Commit Graph

146 Commits

Author SHA1 Message Date
mlaier
23ea781ace Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts. 
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
 2006-05-12 19:17:34 +00:00
matteo
b19c8d2fcc Fix output and exit status when daily_mailq_shorten is set to YES 
PR:		conf/93472
MFC after:	3
 2006-03-08 17:26:53 +00:00
matteo
00b7acda29 Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs 
PR: conf/70973
Submitted by:	Ryan Sommers" <ryans@gamersimpact.com>
Approved by:	philip (mentor)
MFC after:	3 days
 2006-03-05 15:45:38 +00:00
brueffer
04a5ecea57 Add periodic scripts that check the status of graid3(8), gstripe(8) 
and gconcat(8) devices, respectively.

Approved by:	rwatson (mentor)
 2006-03-02 14:44:19 +00:00
matteo
603c4fe5f3 When there are no interesting information in output, exit with 0. 
PR:		conf/92299
Submitted by:	Petr Rehor <prehor@gmail.com>
Approved by:	philip (mentor)
MFC after:	3 days
 2006-02-07 08:21:06 +00:00
maxim
96735772f3 o Add 406.status-gmirror, sort. 
Submitted by:	brueffer
 2006-01-21 20:16:30 +00:00
wollman
c637bc1255 Add a daily script to show the status of gmirror(8) devices. 2006-01-13 18:07:52 +00:00
dougb
3066b17d9e Update the test for failed zone transfers to reflect BIND 9.3.1 semantics 
Simplify the shell scripting a bit, and remove a useless grep | sed

The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.

PR:		conf/74228
Submitted by:	Jeremy Chadwick <freebsd@jdc.parodius.com>
 2005-11-22 22:24:27 +00:00
maxim
e6775c1a34 A new version of rev. 1.4: postpone a temporary file creation 
until we realize if ipfw(4) ever used.

PR:		bin/85970
Submitted by:	Andre Albsmeier
MFC after:	3 days
 2005-09-11 14:29:58 +00:00
glebius
5facd9e67a Fix braino in last commit. Print nothing if ipfw(4) is not present. 2005-08-31 08:31:14 +00:00
cperciva
2f763eca1d When looking for new lines in diff output, grep for '^[>+]' instead of 
'^>', in order to catch both normal and unified diffs.

Problem reported by:	volker at vwsoft dot com via -stable
MFC after:	3 days
 2005-08-22 09:33:36 +00:00
glebius
34a844087d - Correctly parse output, when logging amount is limited in the 
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
  their own log limits.

PR:		conf/77929
Submitted by:	Andriy Gapon [1]
Reviewed by:	matteo
 2005-08-20 09:41:49 +00:00
ru
b7500638b6 Purge orphan catpages. 
PR:		conf/35242
Submitted by:	Annihilator <annihilator.c@usa.net>
 2005-03-30 18:02:49 +00:00
ssouhlal
ec1c427a31 Replace "ipfw l", which is now deprecated, with "ipfw list". 
Approved by:	grehan (mentor)
 2005-02-23 15:07:36 +00:00
glebius
f044db930e Don't do setuid checks on file systems mounted with noexec option. 
Reviewed by:	brian, ru
MFC after:	1 week
 2005-01-13 15:07:35 +00:00
brian
274b15afc6 Sed doesn't grok '[ \t]' -- it doesn't expand the \t :( 
As there are no tabs in maillog, reduce the expression so that only spaces
are used.

Problem raised by:      Leif Neland root at internet dot dk
 2005-01-12 01:31:21 +00:00
brian
0df4d3761b Oops, the < in arg1=< is optional - treat it as such! 2005-01-11 10:54:38 +00:00
brian
845566c7e8 Adjust the mail reject output so that it gives an abreviated reason for the 
reject.  For example:

Checking for rejected mail hosts:
  48 getherbalnow.info (451... resolve)
  46 absorb.com (451... resolve)
   4 tgmart01.codns.com (553... exist)
   3 kali.com.cn (451... resolve)
   2 genie.com (451... resolve)
   1 zv.qy (553... exist)
   1 zd.hinet.hr (553... exist)
   ....

The bit in parenthesis is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).

While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.

I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....

PR:		17377
Idea from:	root at ns dot internet dot dk
MFC after:	7 days
 2005-01-11 02:08:53 +00:00
brian
db72d98ac1 Collapse "fgrep | egrep | sed" down to a single sed. 
This also trims extraneous commas from domain names.

MFC after:	7 days
 2005-01-11 01:47:44 +00:00
ru
cec60429bb Start the dreaded NOFOO -> NO_FOO conversion. 
OK'ed by:	core
 2004-12-21 08:47:35 +00:00
mlaier
7e3eabcfe7 Teach periodic(8) security output to display information about blocked 
packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

The output will look like this (line wrapped):

  pf denied packets:
  > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
    Bytes: 0 States: 0 ]
  > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
    States: 0 ]

Submitted by:	clive (thanks a lot!)
MFC after:	2 weeks
 2004-11-24 18:41:53 +00:00
jkoshy
e73862471d Add a knob 'daily_status_security_diff_flags' controlling the 
format of the 'diff' output generated during periodic(8) scripts.

Submitted by:	keramida (script changes)
Reviewed by:	keramida (man page changes)
 2004-09-23 02:00:52 +00:00
joe
1251c94abc Allow the location of the INDEX file to specified to pkg_version. 
This is particularly convenient on a cluster of machines to prevent
having to rebuild the INDEX file on each.

Reviewed by:	portmgr
 2004-05-19 09:18:08 +00:00
darrenr
77ecc19ba0 Add script for checking ipv6 blocked packets from PR. 
PR:		misc/50154
Submitted by:	Kimura Fuyuki <fuyuki@hadaly.org>
 2004-04-20 13:44:57 +00:00
ache
3821a70e28 Don't remove empty dirs if their names are in $daily_clean_tmps_ignore 2004-02-28 04:58:40 +00:00
gshapiro
88f59471ab Use hoststat/purgestat instead of sendmail -bh/-bH so the calls can 
be properly mailwrapper'ed.

PR:		conf/60676
Submitted by:	Colin Percival <cperciva@daemonology.net>, maxim
MFC after:	4 days
 2004-01-02 18:50:22 +00:00
ru
cb67907c73 Use %e in the date(1) format string to eliminate the sed(1) command. 2003-11-07 21:55:35 +00:00
jesper
41ec55c865 Add status checking of ATA raid to the daily periodic scripts. 2003-10-27 20:14:53 +00:00
mtm
016c135dba Have mktemp(1) construct the temporary file name for us instead 
of providing a template manually.

Submitted by:	Lars Eggert <larse@isi.edu>
 2003-06-30 22:06:26 +00:00
jhb
699d82d7fc Remove 220.backup-distfile since it has been deleted. 
Reported by:	mdodd
Pointy hat to:	jhb
 2003-04-01 20:32:01 +00:00
jhb
4f51bb11c1 Complete removal of 320.rdist by removing its entry from periodic.conf and 
removing the related 220.backup-distfile script and associatd periodic.conf
entry.

Discussed with:	obrien
 2003-04-01 17:45:27 +00:00
obrien
0c8ca48d87 320.rdist is OBE as we don't have rdist in the base system any more. 2003-03-29 03:28:28 +00:00
obrien
1a1209f873 This is OBE as we don't have rdist in the base system any longer. 2003-03-29 03:27:49 +00:00
wollman
62de1738a4 Do not do manually what sendmail(8) can do better automatically. 
Tell sendmail to clean up its own host status cache.
The error condition handling could probably be done better.
 2003-01-08 18:51:45 +00:00
se
6f580108ee Add support for bzip2ed log files. 2003-01-05 21:32:50 +00:00
keramida
f973c892f0 Avoid using perl in the periodic & security scripts. This brings the 
base system one step closer to being totally perl-free.

Approved by:	re (jhb)
 2002-12-07 23:37:44 +00:00
thomas
dfc9d731c3 Do not emit a message on stderr when one of the compared files 
is shorter than the other.

Reviewed by:	roberto
MFC after:	3 days
 2002-11-16 14:58:39 +00:00
thomas
e4fc2471bb Remove incorrect output redirection. 
Reviewed by:	roberto
Committed from:	EuroBSDCon Amsterdam
MFC after:	3 days
 2002-11-16 14:57:12 +00:00
thomas
08d4d01809 Add newly-added sripts to FILES. 
Reviewed by:	roberto
 2002-10-25 15:23:26 +00:00
thomas
0eb26ce875 Add a new /etc/periodic/security script to check for packets 
rejected by ipfilter (510.ipfdenied), and a corresponding periodic.conf
knob (daily_status_security_ipfdenied_enable).

Reviewed by:	roberto
Approved by:	re@
 2002-10-25 15:16:54 +00:00
thomas
24742dd0fd Factor out code across various /etc/periodic/security scripts into a 
separate file, /etc/periodic/security/security.functions.

Reviewed by:	roberto (mentor)
Approved by:	re@
 2002-10-25 15:14:16 +00:00
joerg
c654638cb1 When considering temporary files for deletion, don't examine the mtime 
and atime only, but also the ctime.  Otherwise, files extracted from
tar or zip archives will immediately be declared stale since they've
got their mtime reset to the original mtime.

Reviewed by:	brian
MFC after:	1 week
 2002-10-06 18:48:20 +00:00
brian
b9155304da Add a pkg_version variable so that it's possible to run portsversion instead 
of pkg_version in periodic/weekly/400.status-pkg.
 2002-09-25 03:01:42 +00:00
ache
ac09299ab9 Make it work with POSIX sort (POS arg). 
All old sorts understand -k too.
 2002-09-24 18:53:46 +00:00
cjc
1bdbc52de7 Only create a temporary file if we are actually going to do something 
in the script. Eliminates a bug where we create a temp file, but don't
delete it since the rm(1) is only done if the check is enabled.

PR:		bin/40960
Submitted by:	frf <frf@xocolatl.com>
MFC after:	3 days
 2002-08-25 04:09:17 +00:00
schweikh
859c765d64 o Test and change to the correct directory, /var/spool/.hoststat 
o Bring if/then style in sync with /etc/rc scripts

PR:		conf/41570
Submitted by:	Konstantin M Volevatch <cox@rosnet.ru>
MFC after:	1 week
 2002-08-12 11:09:01 +00:00
gshapiro
8cc0839b13 If all file systems are marked nosuid, the line: 
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`

sets ${MP} to an empty string so the next line:

	set ${MP}

actually just dumps all of the shells variables to stdout (and therefore
the security report).  Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.

Reviewed by:	brian
MFC after:	3 days
 2002-08-03 22:33:34 +00:00
ru
ed13465e59 Install scripts via FILES (purposedly not via SCRIPTS that would 
strip the suffixes).
 2002-07-18 12:33:01 +00:00
ru
cd7c90d38f s/${INSTALL} -c/${INSTALL} ${COPY}/ 2002-07-18 12:07:49 +00:00
brian
c4dd2bd45f Mention that we're checking kernel log messages, even if there's 
no output.

PR:		39618
MFC after:	1 week
 2002-06-28 10:32:18 +00:00