Re: [Bastille-linux-discuss] bastille-netfilter script
This tool locks down Linux and UNIX systems.
From: Sweth C. <bas...@as...> - 2002-04-18 20:15:34
On Thu, Apr 18, 2002 at 11:37:15AM -0700, Jeremy Gaudet wrote:
> if [ $i = "${DEFAULT_GW_IFACE}" ]; then
>     DEFAULT_GW_IP=`ifconfig ${i} | grep "inet addr" | awk '{print $2}'`
> fi
>
> sets "addr:xxx.yyy.zzz.www" as the DEFAULT_GW_IP. It needs to be changed
> to
>
> DEFAULT_GW_IP=`ifconfig ${i} | grep "inet addr" | awk '{print $2}' | awk
> -F: '{print $2}'`

or

    DEFAULT_GW_IP=`ifconfig $i | awk '/inet/ {sub(/.*:/,"",$2);print $2}'`

which will also work for OSes like HP-UX where ifconfig doesn't
include the "addr:" string (not that bastille-netfilter supports HP-UX yet,
but it doesn't hurt to code flexibly).

> to strip out the "addr". Second, this block is running in a "for i" in
> INTERNAL_IFACES. Typically, the default gateway would be on one of the
> PUBLIC_IFACES. I added a for i in PUBLIC_IFACES right under the original
> one to cover this case.

Why not just do a "for i in $INTERNAL_IFACES $PUBLIC_IFACES"?

-- Sweth.

-- 
Sweth Chandramouli
Idiopathic Systems Consulting
sv...@id...
http://www.idiopathic.net/
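
The parsing problem discussed in this thread, as an added example that is not part of the original messages or of bastille-netfilter: it runs the original pipeline and the awk variant over two ifconfig output styles, then picks the gateway address from a single loop over both interface lists. The sample ifconfig output is constructed, and `fake_ifconfig`, `is_ipv4` and the other function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample ifconfig output (not captured from a real host).
LINUX_SAMPLE='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
HPUX_SAMPLE='lan0: flags=843<UP,BROADCAST,RUNNING,MULTICAST>
        inet 198.51.100.7 netmask ffffff00 broadcast 198.51.100.255'

# Pipeline quoted from the script: leaves the "addr:" prefix on the value.
parse_original() { grep "inet addr" | awk '{print $2}'; }

# awk variant from the reply: strip everything up to a colon, if there is one.
parse_flexible() { awk '/inet/ {sub(/.*:/,"",$2); print $2}'; }

# Hypothetical guard: only a dotted quad may reach a firewall rule.
is_ipv4() { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# Hypothetical stand-in for ifconfig so the example runs offline.
fake_ifconfig() {
    case "$1" in
        eth0) printf '%s\n' "$LINUX_SAMPLE" ;;
        lan0) printf '%s\n' "$HPUX_SAMPLE" ;;
    esac
}

# Assumed values for the variables named in the thread.
INTERNAL_IFACES="eth0"
PUBLIC_IFACES="lan0"
DEFAULT_GW_IFACE="lan0"

# One loop over both lists, so a gateway on a public interface is found too.
find_gw_ip() {
    for i in $INTERNAL_IFACES $PUBLIC_IFACES; do
        if [ "$i" = "$DEFAULT_GW_IFACE" ]; then
            ip=$(fake_ifconfig "$i" | parse_flexible)
            # Refuse anything that is not a plain address.
            is_ipv4 "$ip" || return 1
            echo "$ip"
            return 0
        fi
    done
    return 1
}

find_gw_ip
```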