From 2050fad772f32a35b1f9d4edb1becfa85bb2a906 Mon Sep 17 00:00:00 2001 From: Joerg Sonnenberger Date: Mon, 15 Nov 2004 08:11:59 +0000 Subject: [PATCH] Sync with FreeBSD. Most importantly, this removes the need for perl. --- etc/periodic/daily/440.status-mailq | 8 +-- etc/periodic/daily/460.status-mail-rejects | 11 ++-- etc/periodic/daily/470.status-named | 62 ++++++++++++---------- etc/periodic/security/550.ipfwlimit | 12 +++-- etc/periodic/security/650.ip6fwlimit | 12 +++-- 5 files changed, 58 insertions(+), 47 deletions(-) diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq index 95a603783f..8daf906a0d 100644 --- a/etc/periodic/daily/440.status-mailq +++ b/etc/periodic/daily/440.status-mailq @@ -1,7 +1,7 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/440.status-mailq,v 1.4.2.5 2002/05/14 10:45:56 brian Exp $ -# $DragonFly: src/etc/periodic/daily/440.status-mailq,v 1.2 2003/06/17 04:24:48 dillon Exp $ +# $FreeBSD: src/etc/periodic/daily/440.status-mailq,v 1.9 2002/12/07 23:37:44 keramida Exp $ +# $DragonFly: src/etc/periodic/daily/440.status-mailq,v 1.3 2004/11/15 08:11:59 joerg Exp $ # # If there is a global system configuration file, suck it in. @@ -26,7 +26,7 @@ case "$daily_status_mailq_enable" in rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | @@ -46,7 +46,7 @@ case "$daily_status_mailq_enable" in rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq -Ac | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects index f0a5cffc82..191426c855 100644 --- a/etc/periodic/daily/460.status-mail-rejects +++ b/etc/periodic/daily/460.status-mail-rejects @@ -1,7 +1,7 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/460.status-mail-rejects,v 1.8.2.5 2002/05/13 21:36:44 brian Exp $ -# $DragonFly: src/etc/periodic/daily/460.status-mail-rejects,v 1.2 2003/06/17 04:24:48 dillon Exp $ +# $FreeBSD: src/etc/periodic/daily/460.status-mail-rejects,v 1.16 2003/11/07 21:55:35 ru Exp $ +# $DragonFly: src/etc/periodic/daily/460.status-mail-rejects,v 1.3 2004/11/15 08:11:59 joerg Exp $ # # If there is a global system configuration file, suck it in. @@ -33,7 +33,7 @@ case "$daily_status_mail_rejects_enable" in echo echo Checking for rejected mail hosts: - start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` + start=`date -v-1d '+%b %e'` n=$(($daily_status_mail_rejects_logs - 2)) rc=$({ while [ $n -ge 0 ] @@ -52,8 +52,9 @@ case "$daily_status_mail_rejects_enable" in done cat /var/log/maillog } | - perl -ne "print \"\$2\n\" - if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | + fgrep 'reject=' | + egrep -e "^$start.*ruleset=check_[^[:space:]]+,[[:space:]]+arg1=(<[^@]+@)?([^>,]+).*reject=.*" | + sed -e 's/.*arg1=//' -e 's/.*@//' -e 's/[>[:space:]].*$//' | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 fi;; diff --git a/etc/periodic/daily/470.status-named b/etc/periodic/daily/470.status-named index f7a1bb2c9a..0afb0c4fa1 100644 --- a/etc/periodic/daily/470.status-named +++ b/etc/periodic/daily/470.status-named @@ -1,7 +1,7 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/470.status-named,v 1.1.2.2 2001/07/28 11:44:22 brian Exp $ -# $DragonFly: src/etc/periodic/daily/470.status-named,v 1.2 2003/06/17 04:24:48 dillon Exp $ +# $FreeBSD: src/etc/periodic/daily/470.status-named,v 1.6 2003/11/07 21:55:35 ru Exp $ +# $DragonFly: src/etc/periodic/daily/470.status-named,v 1.3 2004/11/15 08:11:59 joerg Exp $ # # If there is a global system configuration file, suck it in. @@ -14,8 +14,14 @@ fi catmsgs() { find /var/log -name 'messages.*' -mtime -2 | - sort -t. -r -n +1 -2 | - xargs zcat -f + sort -t. -r -n -k 2,2 | + while read f + do + case $f in + *.gz) zcat -f $f;; + *.bz2) bzcat -f $f;; + esac + done [ -f /var/log/messages ] && cat /var/log/messages } @@ -24,32 +30,32 @@ case "$daily_status_named_enable" in echo echo 'Checking for denied zone transfers (AXFR and IXFR):' - start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` + start=`date -v-1d '+%b %e'` rc=$(catmsgs | - perl -ne 'print "$2 from $1\n" - if (/^'"$start"'.*named\[\d+\]: denied [AI]XFR from \[(.*)\]\.\d+ for "(.*)"/);' | - sort -f | uniq -ic | - perl -e ' - use Socket; + fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \ + sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/' + sort -f | uniq -ic | ( + usedns=0 + if [ X"${daily_status_named_usedns}" != X"" ]; then + case $daily_status_named_usedns in + [yY][eE][sS]) usedns=1 ;; + esac + fi - while () { - if (/^.*from (.*)$/) { - $ip_addr = $1; - chomp; - if ($ARGV[0] =~ /^yes$/i) { - ($host) = gethostbyaddr(inet_aton($ip_addr), AF_INET); - } else { - $host = ""; - } - - if ($host) { - print "$_ ($host)\n"; - } else { - print "$_\n"; - } - } - } - ' $daily_status_named_usedns | tee /dev/stderr | wc -l) + while read line ;do + ipaddr=`echo "$line" | sed -e 's/^.*from //'` + if [ $usedns -eq 1 ]; then + name=`host "${ipaddr}" 2>/dev/null | \ + grep 'domain name pointer' | \ + sed -e 's/^.* //'` + fi + if [ X"${name}" != X"" ]; then + echo "${line} (${name})" + else + echo "${line}" + fi + done ) | \ + tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 ;; diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit index 25f7a8c27b..3a06a07b95 100644 --- a/etc/periodic/security/550.ipfwlimit +++ b/etc/periodic/security/550.ipfwlimit @@ -24,8 +24,8 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/550.ipfwlimit,v 1.2.2.3 2002/08/28 05:13:53 cjc Exp $ -# $DragonFly: src/etc/periodic/security/550.ipfwlimit,v 1.2 2003/06/17 04:24:48 dillon Exp $ +# $FreeBSD: src/etc/periodic/security/550.ipfwlimit,v 1.6 2003/06/30 22:06:26 mtm Exp $ +# $DragonFly: src/etc/periodic/security/550.ipfwlimit,v 1.3 2004/11/15 08:11:59 joerg Exp $ # # Show ipfw rules which have reached the log limit @@ -43,11 +43,13 @@ rc=0 case "$daily_status_security_ipfwlimit_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then - ipfw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} + ipfw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" diff --git a/etc/periodic/security/650.ip6fwlimit b/etc/periodic/security/650.ip6fwlimit index dd8986020c..63a5415916 100644 --- a/etc/periodic/security/650.ip6fwlimit +++ b/etc/periodic/security/650.ip6fwlimit @@ -24,8 +24,8 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/650.ip6fwlimit,v 1.2.2.3 2002/08/28 05:13:53 cjc Exp $ -# $DragonFly: src/etc/periodic/security/650.ip6fwlimit,v 1.2 2003/06/17 04:24:48 dillon Exp $ +# $FreeBSD: src/etc/periodic/security/650.ip6fwlimit,v 1.6 2003/06/30 22:06:26 mtm Exp $ +# $DragonFly: src/etc/periodic/security/650.ip6fwlimit,v 1.3 2004/11/15 08:11:59 joerg Exp $ # # Show ip6fw rules which have reached the log limit @@ -43,11 +43,13 @@ rc=0 case "$daily_status_security_ip6fwlimit_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then - ip6fw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP} + ip6fw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" -- 2.41.0