From d3743d40c2c7d0cfe2d41518dc1d61c2ca277ac9 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Mon, 29 Nov 2021 20:07:04 +0000
Subject: [PATCH] netaudit, ndb(6): the dom= attribute in ndb should be specified without the trailing period
---
 rc/bin/netaudit | 60 ++++++++++++++++++++++++++++++++-----------------
 sys/man/6/ndb | 2 +-
 2 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/rc/bin/netaudit b/rc/bin/netaudit
index 926f2fed2..739126c09 100755
--- a/rc/bin/netaudit
+++ b/rc/bin/netaudit
@@ -1,5 +1,30 @@
 #!/bin/rc
 rfork e
+fn checkether {
+ echo -n ' '$1'='$2
+ if(! ~ $2 [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])
+ echo ' has wrong format'
+ if not if(! grep -s $i /net/ether*/addr)
+ echo ' does not belong to any network interface'
+ if not
+ echo ' looks ok'
+}
+fn checkip {
+ echo -n ' '$1'='$2
+ if(! ~ $2 *.*.*.* *:*:*:*:*:*:*:* *::*)
+ echo ' does not look like an ip address'
+ if not
+ echo ' looks ok'
+}
+fn checkdom {
+ echo -n ' '$1'='$2
+ if(! ~ $2 *.*)
+ echo ' does not have a dot'
+ if not if(~ $2 *.)
+ echo ' has a trailing period'
+ if not
+ echo ' looks ok'
+}
 fn checkhost {
 if(~ $sysname ''){
 echo 'sysname= env var is not set'
@@ -9,19 +34,19 @@ fn checkhost {
 ip=`{ndb/ipquery sys $sysname ip | sed 's/ip=//g'}
 if(~ $ip '')
 echo ' no ip= entry'
- if not
- echo ' ip='$ip 'looks ok'
+ if not {
+ for(i in $ip){
+ checkip ip $i
+ }
+ }
 dom=`{ndb/ipquery sys $sysname dom | sed 's/dom=//g'}
 if(~ $dom '')
 echo ' no dom= entry'
 if not {
 for(i in $dom){
- if(! ~ $i *.*)
- echo ' dom='$i 'does not have a dot'
- if not if(! ~ $i $sysname^.*)
+ checkdom dom $i
+ if(! ~ $i $sysname^.*)
 echo ' dom='$i 'does not start with' $sysname^'; it''s supposed to be the FQDN, not the domain name!'
- if not
- echo ' dom='$i 'looks ok'
 }
 }
 ether=`{ndb/ipquery sys $sysname ether | sed 's/ether=//g'}
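Review bot: In `checkether` the interface lookup `grep -s $i /net/ether*/addr` reads `$i` rather than the function's own argument `$2`. It gives the right answer only because rc variables are global and the caller in checkhost happens to loop with `for(i in $ether)`. With any other caller, or a renamed loop variable, the audit would grep for a stale or empty value and could report `looks ok` or `does not belong to any network interface` for the wrong address. Use `if not if(! grep -s $2 /net/ether*/addr)` so the helper depends only on its parameters.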
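Review bot: In the `for(i in $dom)` loop the FQDN prefix test no longer chains off the earlier checks, so a dom value that contains a dot but does not start with `$sysname` now gets two contradictory verdicts: `checkdom` prints `looks ok` and the following line prints `does not start with`. In an audit tool the misleading `looks ok` is the line an operator is likely to trust. Run the prefix test first and fall through to the helper, i.e. `if(! ~ $i $sysname^.*)` with its existing echo, followed by `if not checkdom dom $i`. checkhost begins before this hunk and continues past it.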
@@ -29,12 +54,7 @@ fn checkhost {
 echo ' no ether entry'
 if not {
 for(i in $ether){
- if(! ~ $i [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])
- echo ' ether='$i 'has wrong format'
- if not if(! grep -s $i /net/ether*/addr)
- echo ' ether='$i 'does not belong to any network interface'
- if not
- echo ' ether='$i 'looks ok'
+ checkether ether $i
 }
 }
 }
@@ -44,17 +64,17 @@ fn checknet {
 if(~ $ipnet ''){
 echo ' we are not in an ipnet, so looking for entries in host tuple only'
 }
- if not
- echo ' we are in ipnet='^$ipnet
+ if not {
+ echo ' we are in ' 'ipnet='^$ipnet
+ }
 ipgw=`{ndb/ipquery sys $sysname ipgw | sed 's/ipgw=//g'}
 if(~ $ipgw '' '::'){
 echo ' we do not have an internet gateway, no ipgw= entry'
 }
 if not {
- if(! ~ $ipgw *.*.*.* *:*:*:*:*:*:*:* *::*)
- echo ' ipgw='$ipgw 'does not look like an ip address'
- if not
- echo ' ipgw='$ipgw 'looks ok'
+ for(i in $ipgw) {
+ checkip ipgw $i
+ }
 }
 dns=`{ndb/ipquery sys $sysname dns | sed 's/dns=//g'}
 if(~ $dns '')
@@ -112,7 +132,7 @@ fn checkauth {
 }
 if not {
 echo ' we are not the auth server '^$auth
- echo ' if this is a mistake, set auth='$sysname' or auth='$dom
+ echo ' if this is a mistake, set auth='$sysname 'or auth='$dom
 if(~ $authok 1)
 echo ' run auth/debug to test the auth server'
 }
diff --git a/sys/man/6/ndb b/sys/man/6/ndb
index 9de85c734..2ac7395a7 100644
--- a/sys/man/6/ndb
+++ b/sys/man/6/ndb
@@ -161,7 +161,7 @@ They are:
 system name (a short name)
 .TP
 .B dom
-Internet fully-qualified domain name
+Internet fully-qualified domain name (without the trailing period)
 .TP
 .B ip
 Internet address,