| 520.pfdenied (295452) | 520.pfdenied (301226) |
|---|---|
| 1#!/bin/sh - 2# 3# Copyright (c) 2004 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: --- 10 unchanged lines hidden (view full) --- 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# | 1#!/bin/sh - 2# 3# Copyright (c) 2004 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: --- 10 unchanged lines hidden (view full) --- 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# |
| 27# $FreeBSD: head/etc/periodic/security/520.pfdenied 295452 2016-02-09 21:00:38Z lidl $ | 27# $FreeBSD: head/etc/periodic/security/520.pfdenied 301226 2016-06-02 19:06:04Z lidl $ |
| 28# 29 30# If there is a global system configuration file, suck it in. 31# 32if [ -r /etc/defaults/periodic.conf ] 33then 34 . /etc/defaults/periodic.conf 35 source_periodic_confs 36fi 37 38. /etc/periodic/security/security.functions 39 40security_daily_compat_var security_status_pfdenied_enable 41 42rc=0 43 44if check_yesno_period security_status_pfdenied_enable 45then 46 TMP=`mktemp -t security` | 28# 29 30# If there is a global system configuration file, suck it in. 31# 32if [ -r /etc/defaults/periodic.conf ] 33then 34 . /etc/defaults/periodic.conf 35 source_periodic_confs 36fi 37 38. /etc/periodic/security/security.functions 39 40security_daily_compat_var security_status_pfdenied_enable 41 42rc=0 43 44if check_yesno_period security_status_pfdenied_enable 45then 46 TMP=`mktemp -t security` |
| 47 if pfctl -sr -v -z 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then 48 check_diff new_only pf ${TMP} "${host} pf denied packets:" | 47 touch ${TMP} 48 for _a in "" blacklistd 49 do 50 pfctl -a ${_a} -sr -v -z 2>/dev/null | \ 51 nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP} 52 done 53 if [ -s ${TMP} ]; then 54 check_diff new_only pf ${TMP} "${host} pf denied packets:" |
| 49 fi 50 rc=$? 51 rm -f ${TMP} 52fi 53 54exit $rc | 55 fi 56 rc=$? 57 rm -f ${TMP} 58fi 59 60exit $rc |