| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
PR: 122811
MFC after: 3 weeks
Notes:
svn path=/head/; revision=193302
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
differently. The output now shows the ruleset and shortens to
slightly different text (using $daily_status_mail_rejects_shorten),
but it should be more descriptive.
PR: 35018
Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com
MFC after: 3 weeks
Notes:
svn path=/head/; revision=192970
|
|
|
|
| |
Notes:
svn path=/head/; revision=187210
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I noticed on a system at home that restarting named(8) causes the
/var/named/dev mount to be moved to the bottom of the mount list,
because it gets remounted. When I received the daily security email this
morning, I was quite amazed to see that the security report listed the
differences, while it was nothing out of the ordinary.
If we just throw the `mount -p' output through sort(1), we'll only
receive notifications about changes to mounts if something has really
changed.
Notes:
svn path=/head/; revision=184265
|
|
|
|
|
|
|
|
|
|
|
| |
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd
Reviewed by: various (posted to arch)
MFC after: 1 month
Notes:
svn path=/head/; revision=183242
|
|
|
|
|
|
|
|
|
|
|
|
| |
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1]
(those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1]
MFC after: 1 month
Notes:
svn path=/head/; revision=181531
|
|
|
|
|
|
|
|
|
|
|
| |
of the message, such as:
Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1
PR: conf/124569
Submitted by: Taku <taku@tekipaki.jp>
Notes:
svn path=/head/; revision=180111
|
|
|
|
|
|
|
|
|
|
| |
PR: misc/122069
Submitted by: taku@tekipaki.jp
MFC after: 3 days
Approved by: imp (mentor, implicit trivial change).
Notes:
svn path=/head/; revision=177606
|
|
|
|
| |
Notes:
svn path=/head/; revision=175906
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find | sort. As a bonus, this simplifies the logic considerably. Also
remove the bogus "overruning the args to ls" comment and the corresponding
"-n 20" argument to xargs; the whole point with xargs is precisely that it
knows how large the argument list can safely get.
Note that the first run of the updated script may hypotheticall produce
false positives due to differences between find's and sort's sorting
algorithm. I haven't seen this during testing, but others might.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=175890
|
|
|
|
|
|
|
|
|
|
|
| |
the rejected mail reports to tally the rejects per blacklist without
providing details about individual sender hosts. The default configuration
keeps the reports in their original form.
MFC after: 1 week
Notes:
svn path=/head/; revision=175153
|
|
|
|
| |
Notes:
svn path=/head/; revision=173873
|
|
|
|
|
|
|
| |
Pointed out by: Henrik Brix Anders
Notes:
svn path=/head/; revision=169556
|
|
|
|
|
|
|
|
|
| |
PR: conf/112604
Submitted by: Oliver Fromme
MFC after: 1 month
Notes:
svn path=/head/; revision=169517
|
|
|
|
|
|
|
| |
Submitted by: des
Notes:
svn path=/head/; revision=168412
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bad or illegal. This prevents matching on systems that
have a name that matches the query.
PR: conf/107560
Submitted by: Christian Laursen <cfsl at pil dot dk>
MFC after: 3 days
Approved by: imp (mentor)
Notes:
svn path=/head/; revision=166928
|
|
|
|
|
|
|
|
|
|
|
| |
of the depricated one.
PR: conf/108611
Submitted by: TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp>
Approved by: imp (mentor)
Notes:
svn path=/head/; revision=166912
|
|
|
|
|
|
|
|
| |
by revision 1.6) works again. This fix is already in RELENG_6, but was
never committed to HEAD.
Notes:
svn path=/head/; revision=166519
|
|
|
|
| |
Notes:
svn path=/head/; revision=161708
|
|
|
|
|
|
|
|
|
| |
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
Head nod: ru, rwatson
Notes:
svn path=/head/; revision=161602
|
|
|
|
|
|
|
|
|
| |
PR: conf/96658
Submitted by: James Snow
MFC after: 1 week
Notes:
svn path=/head/; revision=159525
|
|
|
|
|
|
|
|
| |
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
Notes:
svn path=/head/; revision=158497
|
|
|
|
|
|
|
|
| |
PR: conf/93472
MFC after: 3
Notes:
svn path=/head/; revision=156435
|
|
|
|
|
|
|
|
|
|
|
|
| |
other programs
PR: conf/70973
Submitted by: Ryan Sommers" <ryans@gamersimpact.com>
Approved by: philip (mentor)
MFC after: 3 days
Notes:
svn path=/head/; revision=156312
|
|
|
|
|
|
|
|
|
| |
and gconcat(8) devices, respectively.
Approved by: rwatson (mentor)
Notes:
svn path=/head/; revision=156215
|
|
|
|
|
|
|
|
|
|
| |
PR: conf/92299
Submitted by: Petr Rehor <prehor@gmail.com>
Approved by: philip (mentor)
MFC after: 3 days
Notes:
svn path=/head/; revision=155422
|
|
|
|
|
|
|
| |
Submitted by: brueffer
Notes:
svn path=/head/; revision=154652
|
|
|
|
| |
Notes:
svn path=/head/; revision=154304
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simplify the shell scripting a bit, and remove a useless grep | sed
The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.
PR: conf/74228
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
Notes:
svn path=/head/; revision=152697
|
|
|
|
|
|
|
|
|
|
|
| |
until we realize if ipfw(4) ever used.
PR: bin/85970
Submitted by: Andre Albsmeier
MFC after: 3 days
Notes:
svn path=/head/; revision=149989
|
|
|
|
| |
Notes:
svn path=/head/; revision=149659
|
|
|
|
|
|
|
|
|
|
| |
'^>', in order to catch both normal and unified diffs.
Problem reported by: volker at vwsoft dot com via -stable
MFC after: 3 days
Notes:
svn path=/head/; revision=149366
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
their own log limits.
PR: conf/77929
Submitted by: Andriy Gapon [1]
Reviewed by: matteo
Notes:
svn path=/head/; revision=149320
|
|
|
|
|
|
|
|
| |
PR: conf/35242
Submitted by: Annihilator <annihilator.c@usa.net>
Notes:
svn path=/head/; revision=144343
|
|
|
|
|
|
|
| |
Approved by: grehan (mentor)
Notes:
svn path=/head/; revision=142303
|
|
|
|
|
|
|
|
| |
Reviewed by: brian, ru
MFC after: 1 week
Notes:
svn path=/head/; revision=140186
|
|
|
|
|
|
|
|
|
|
| |
As there are no tabs in maillog, reduce the expression so that only spaces
are used.
Problem raised by: Leif Neland root at internet dot dk
Notes:
svn path=/head/; revision=140096
|
|
|
|
| |
Notes:
svn path=/head/; revision=140059
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reject. For example:
Checking for rejected mail hosts:
48 getherbalnow.info (451... resolve)
46 absorb.com (451... resolve)
4 tgmart01.codns.com (553... exist)
3 kali.com.cn (451... resolve)
2 genie.com (451... resolve)
1 zv.qy (553... exist)
1 zd.hinet.hr (553... exist)
....
The bit in parenthesis is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).
While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.
I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....
PR: 17377
Idea from: root at ns dot internet dot dk
MFC after: 7 days
Notes:
svn path=/head/; revision=140029
|
|
|
|
|
|
|
|
|
| |
This also trims extraneous commas from domain names.
MFC after: 7 days
Notes:
svn path=/head/; revision=140028
|
|
|
|
|
|
|
| |
OK'ed by: core
Notes:
svn path=/head/; revision=139103
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets:
> block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
Bytes: 0 States: 0 ]
> block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
States: 0 ]
Submitted by: clive (thanks a lot!)
MFC after: 2 weeks
Notes:
svn path=/head/; revision=138061
|
|
|
|
|
|
|
|
|
|
| |
format of the 'diff' output generated during periodic(8) scripts.
Submitted by: keramida (script changes)
Reviewed by: keramida (man page changes)
Notes:
svn path=/head/; revision=135591
|
|
|
|
|
|
|
|
|
|
| |
This is particularly convenient on a cluster of machines to prevent
having to rebuild the INDEX file on each.
Reviewed by: portmgr
Notes:
svn path=/head/; revision=129424
|
|
|
|
|
|
|
|
| |
PR: misc/50154
Submitted by: Kimura Fuyuki <fuyuki@hadaly.org>
Notes:
svn path=/head/; revision=128473
|
|
|
|
| |
Notes:
svn path=/head/; revision=126342
|
|
|
|
|
|
|
|
|
|
|
| |
be properly mailwrapper'ed.
PR: conf/60676
Submitted by: Colin Percival <cperciva@daemonology.net>, maxim
MFC after: 4 days
Notes:
svn path=/head/; revision=124080
|
|
|
|
| |
Notes:
svn path=/head/; revision=122257
|
|
|
|
| |
Notes:
svn path=/head/; revision=121620
|
|
|
|
|
|
|
|
|
| |
of providing a template manually.
Submitted by: Lars Eggert <larse@isi.edu>
Notes:
svn path=/head/; revision=117088
|