From rv@vx0.net  Tue Nov 16 07:58:01 2004
Return-Path: <rv@vx0.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 211AD16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Nov 2004 07:58:01 +0000 (GMT)
Received: from elfgate.demon.co.uk (elfgate.demon.co.uk [62.49.6.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 871D143D5C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Nov 2004 07:58:00 +0000 (GMT)
	(envelope-from rv@vx0.net)
Received: from rv by elfgate.demon.co.uk with local (Exim 4.41)
	id 1CTyDv-000BYU-8u
	for FreeBSD-gnats-submit@freebsd.org; Tue, 16 Nov 2004 07:57:59 +0000
Message-Id: <E1CTyDv-000BYU-8u@elfgate.demon.co.uk>
Date: Tue, 16 Nov 2004 07:57:59 +0000
From: No Spam Please <nobody@example.com>
Reply-To: No Spam Please <nobody@example.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: periodic security not showing daily firewall diffs
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         73992
>Category:       conf
>Synopsis:       periodic security not showing daily firewall diffs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    cperciva
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 16 08:00:53 GMT 2004
>Closed-Date:    Mon Aug 29 11:04:19 GMT 2005
>Last-Modified:  Mon Aug 29 11:04:19 GMT 2005
>Originator:     No Spam Please
>Release:        FreeBSD 6.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD example.com 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Fri Nov 12 09:56:54 GMT 2004 nobody@example.com:/usr/obj/usr/src/sys/GENERIC i386


>Description:
	The default periodic.conf value for "daily_status_security_diff_flags"
	includes the "-u" flag, which doesn't produce output with lines
	prefixed with '>' which is what the grep pipeline checks for.
	This means that the daily security report doesn't include firewall
	denied log changes.
>How-To-Repeat:
	Run: "periodic security" after some changes to the firewall log
>Fix:

	Remove the '-u' option to 'daily_status_security_diff_flags' in
	/usr/src/etc/defaults/periodic.conf

>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: No Spam Please <nobody@example.com>
Cc: bug-followup@freebsd.org
Subject: Re: misc/73992: periodic security not showing daily firewall diffs
Date: Tue, 16 Nov 2004 13:56:10 +0200

 On 2004-11-16 07:57, No Spam Please <nobody@example.com> wrote:
 > The default periodic.conf value for "daily_status_security_diff_flags"
 > includes the "-u" flag, which doesn't produce output with lines
 > prefixed with '>' which is what the grep pipeline checks for.
 
 Right.
 
 > >Fix:
 > Remove the '-u' option to 'daily_status_security_diff_flags' in
 > /usr/src/etc/defaults/periodic.conf
 
 Wouldn't a better fix be to change the default filter in check_diff()
 to make sure the correct pattern is used?  I'm thinking of something
 like this:
 
 : Index: security.functions
 : ===================================================================
 : RCS file: /home/ncvs/src/etc/periodic/security/security.functions,v
 : retrieving revision 1.4
 : diff -u -u -r1.4 security.functions
 : --- security.functions   23 Sep 2004 02:00:51 -0000      1.4
 : +++ security.functions   16 Nov 2004 11:55:03 -0000
 : @@ -44,6 +44,9 @@
 :    if [ "$1" = "new_only" ]; then
 :      shift
 :      filter="grep '^>'"
 : +    case $daily_status_security_diff_flags in
 : +      *-u*|*-c*) filter="grep '^+[^+]'" ;;
 : +    esac
 :    else
 :      filter="cat"
 :    fi
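
Review bot: the new filter "grep '^+[^+]'" in the "*-u*|*-c*" branch requires a second character that is not "+", so an added log line that is empty or whose text begins with "+" is silently dropped from the security report. For -c the branch is also incomplete: context diffs mark changed lines with "!" rather than "+", so those still never match. Suggest handling the two formats separately, skipping the "---"/"+++" file header of a unified diff explicitly and then matching '^+'. The glob "*-u*" also misses the flag when it is bundled with another one, as in "-bu".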
 
State-Changed-From-To: open->patched 
State-Changed-By: cperciva 
State-Changed-When: Mon Aug 22 17:49:25 GMT 2005 
State-Changed-Why:  
I think I fixed this in HEAD; MFC will follow. 


Responsible-Changed-From-To: freebsd-bugs->cperciva 
Responsible-Changed-By: cperciva 
Responsible-Changed-When: Mon Aug 22 17:49:25 GMT 2005 
Responsible-Changed-Why:  
I think I fixed this in HEAD; MFC will follow. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=73992 
State-Changed-From-To: patched->closed 
State-Changed-By: cperciva 
State-Changed-When: Mon Aug 29 11:03:48 GMT 2005 
State-Changed-Why:  
Patch has been MFCed to RELENG_6; no further MFCs are needed. 

>Unformatted:
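
The mismatch described in this PR, reproduced as an added example (not code from the PR or from the FreeBSD tree): the legacy "grep '^>'" filter returns nothing once diff is given -u, while a format-aware filter recovers the new lines in both normal and unified output. The function names, the flag value "-b -u" and the log lines are constructed for illustration; context (-c) output is deliberately rejected rather than guessed at.

```sh
#!/bin/sh
# Constructed sample data: yesterday's and today's firewall deny log.
make_logs() {
    printf '%s\n' 'deny tcp 192.0.2.1' 'deny udp 192.0.2.7' > "$1/old"
    printf '%s\n' 'deny tcp 192.0.2.1' 'deny udp 192.0.2.7' \
        'deny tcp 198.51.100.9' '+++ odd entry' > "$1/new"
}

# The filter the PR describes: only matches normal-format diff output.
# $flags is left unquoted on purpose so "-b -u" splits into two options.
legacy_new_lines() {
    flags=$1
    diff $flags "$2" "$3" | grep '^>' || true
}

# Hypothetical format-aware filter: print only lines added in the new file.
new_lines() {
    flags=$1
    case " $flags " in
    *" -c "*)
        echo "context diffs not handled" >&2
        return 2 ;;
    *" -u "*)
        # Unified: drop the two-line ---/+++ file header by position,
        # then keep every '+' line, including ones whose text starts with '+'.
        diff $flags "$2" "$3" | sed -n '1,2d; s/^+//p' ;;
    *)
        # Normal format: added lines are prefixed with "> ".
        diff $flags "$2" "$3" | sed -n 's/^> //p' ;;
    esac
}

tmp=$(mktemp -d) && make_logs "$tmp"
echo "legacy filter with -b -u: [$(legacy_new_lines '-b -u' "$tmp/old" "$tmp/new")]"
echo "format-aware filter with -b -u:"
new_lines '-b -u' "$tmp/old" "$tmp/new"
rm -rf "$tmp"
```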
