Re: status-mail-rejects: appears to be broken

2018-01-10 Thread Ronald Klop

On Mon, 08 Jan 2018 01:52:03 +0100, Chris H wrote:

On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" said

On Sun, 17 Dec 2017 20:50:23 +0100, Chris H wrote:

> I'm running on r326056, and periodic(8) doesn't seem to be working
> as expected;
> mail rejects:
>
> Checking for rejected mail hosts:
> usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>    [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>    [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>    [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>    [-o file] [--referer=URL] [-S bytes] [-T seconds]
>    [--user-agent=agent-string] [-w seconds] URL ...
>    fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>    [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>    [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>    [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>    [-o file] [--referer=URL] [-S bytes] [-T seconds]
>    [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
>
> Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> to be run at all.
>
> Any thoughts, or advice on how to best proceed?
>
> Thanks!
>
> --Chris
This looks the same as what I experienced. It will be fixed by upgrading
until at least this commit:

http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343

It appears that you indicate anything past, or including r326343 resolves this

Indeed. That resolves the error about 'fetch'. Which came from the ntpd
leaptime file update periodic script in my case.

I'll look into it.
But FWIW I was able to get etc/periodic/security/520.pfdenied output working
with the following diff(1):



I don't use pf, so I can't comment on this. I hope somebody else can, but
I guess it will attract more eyes if you repost with a subject about
520.pfdenied or something similar.



Regards,
Ronald.



--- /etc/periodic/security/520.pfdenied.orig	2017-11-21  
06:57:04.0 -0800
+++ /etc/periodic/security/520.pfdenied	2017-03-29 16:22:50.0  
-0700

@@ -24,7 +24,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD: head/etc/periodic/security/520.pfdenied 306696 2016-10-04  
23:12:35Z lidl $
+# $FreeBSD: head/etc/periodic/security/520.pfdenied 290405 2015-11-05  
17:37:14Z lidl $

 #
  # If there is a global system configuration file, suck it in.
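Review bot: The `$FreeBSD$` ident line should not be part of this diff. The `+` side carries revision 290405 (2015-11-05) while the `-` side carries 306696 (2016-10-04), so the modified file is based on an older revision than the `.orig` it is compared against. Regenerate the patch from the current version of the script and leave the keyword line untouched, so that it is clear whether the second hunk is a new change or simply the older revision's code.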
@@ -44,13 +44,8 @@
 if check_yesno_period security_status_pfdenied_enable
 then
TMP=`mktemp -t security`
-   for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
-   do
-   pfctl -a ${_a} -sr -v -z 2>/dev/null | \
-		nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0)  
print buf$0;} }' >> ${TMP}

-   done
-   if [ -s ${TMP} ]; then
-   check_diff new_only pf ${TMP} "${host} pf denied packets:"
+	if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline;  
gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then

+ check_diff new_only pf ${TMP} "${host} pf denied packets:"
fi
rc=$?
rm -f ${TMP}
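Review bot: The replacement `pfctl -sr -v` on the `+if pfctl` line reads only the main ruleset, so the coverage that the removed `for _a in "" $(pfctl -a "blacklistd" -sA ...)` loop gave to the anchors under `blacklistd` is lost and block rules there would no longer be reported. The same line also drops `-z` and the `if ($5 > 0)` test, so every block rule is written to `${TMP}` whatever its counter value. A narrower fix to try first: in the removed `pfctl -a ${_a} -sr -v -z`, the unquoted `${_a}` vanishes for the empty first value and `-a` then takes `-sr` as its argument; quoting it as `"${_a}"` keeps the anchor walk and the filter.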

Thanks for taking the time to reply, Ronald!

 Ronald.


--Chris


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: status-mail-rejects: appears to be broken

2018-01-07 Thread Chris H

On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" said

On Sun, 17 Dec 2017 20:50:23 +0100, Chris H wrote:

> I'm running on r326056, and periodic(8) doesn't seem to be working
> as expected;
> mail rejects:
>
> Checking for rejected mail hosts:
> usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>    [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>    [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>    [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>    [-o file] [--referer=URL] [-S bytes] [-T seconds]
>    [--user-agent=agent-string] [-w seconds] URL ...
>    fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
>    [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
>    [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
>    [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
>    [-o file] [--referer=URL] [-S bytes] [-T seconds]
>    [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
>
> Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> to be run at all.
>
> Any thoughts, or advice on how to best proceed?
>
> Thanks!
>
> --Chris

This looks the same as what I experienced. It will be fixed by upgrading
until at least this commit:

http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343

It appears that you indicate anything past, or including r326343 resolves this

I'll look into it.
But FWIW I was able to get etc/periodic/security/520.pfdenied output working
with the following diff(1):
--- /etc/periodic/security/520.pfdenied.orig2017-11-21 06:57:04.0 
-0800
+++ /etc/periodic/security/520.pfdenied 2017-03-29 16:22:50.0 -0700
@@ -24,7 +24,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD: head/etc/periodic/security/520.pfdenied 306696 2016-10-04 
23:12:35Z lidl $
+# $FreeBSD: head/etc/periodic/security/520.pfdenied 290405 2015-11-05 
17:37:14Z lidl $
#

# If there is a global system configuration file, suck it in.
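Review bot: This hunk changes only the expanded `$FreeBSD$` keyword line, which the repository rewrites on commit, and including it means the hunk will not apply to a copy of the script at any other revision. Drop it from the diff and send only the functional change.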
@@ -44,13 +44,8 @@
if check_yesno_period security_status_pfdenied_enable
then
TMP=`mktemp -t security`
-   for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
-   do
-   pfctl -a ${_a} -sr -v -z 2>/dev/null | \
-   nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) 
print buf$0;} }' >> ${TMP}
-   done
-   if [ -s ${TMP} ]; then
-   check_diff new_only pf ${TMP} "${host} pf denied packets:"
+   if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" 
+"," ",$0); print buf$0;} }' > ${TMP}; then
+ check_diff new_only pf ${TMP} "${host} pf denied packets:"
fi
rc=$?
rm -f ${TMP}
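Review bot: The new `if pfctl -sr -v 2>/dev/null | nawk ... > ${TMP}; then` tests the exit status of the pipeline, which is nawk's and is zero whether or not any `block` rule matched, so it does not replace the removed `[ -s ${TMP} ]` check. As written, `check_diff` is called even when `${TMP}` is empty, and a pfctl failure is hidden by `2>/dev/null`. Write the file first and keep `if [ -s ${TMP} ]; then` as the guard.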

Thanks for taking the time to reply, Ronald!


Ronald.



--Chris




Re: status-mail-rejects: appears to be broken

2018-01-07 Thread Ronald Klop
This looks the same as what I experienced. It will be fixed by upgrading
until at least this commit:


http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343

Ronald.


On Sun, 17 Dec 2017 20:50:23 +0100, Chris H wrote:


I'm running on r326056, and periodic(8) doesn't seem to be working
as expected;
mail rejects:

Checking for rejected mail hosts:
usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
   [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
   [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
   [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
   [-o file] [--referer=URL] [-S bytes] [-T seconds]
   [--user-agent=agent-string] [-w seconds] URL ...
   fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
   [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
   [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
   [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
   [-o file] [--referer=URL] [-S bytes] [-T seconds]
   [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]

Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
to be run at all.

Any thoughts, or advice on how to best proceed?

Thanks!

--Chris

