Theo Buehler wrote:
> If I understand correctly, this needs to run as root since the authlog
> script issues pfctl commands.
>
I have not examined the port very closely, but from a quick glance I
guess root is not absolutely needed, with some clever engineering.
First of all, if you need reaction to issue a command as root, I think
you can just create a reaction user, add the corresponding entries to
/etc/doas.conf, and execute any necessary "reaction" using doas.
You don't even need to add the reaction user to a privileged group in
order to read logs. Just tweak the syslogd configuration to put the
stuff you need reaction to cover in a separate file which is readable by
the reaction user only and you are good to go.
Just some random thoughts. I am using some cheap ksh scripts myself for
this sort of thing, heh.
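
One way to apply the doas suggestion above, as an added example that is not part of the original message or of the port. The `_reaction` user, the wrapper path and the `reaction_banned` table name are assumptions. Because a doas `args` rule only matches a fixed argument list, the wrapper validates the variable address itself, so the unprivileged user is never granted all of pfctl.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned as /usr/local/libexec/reaction-ban.
# Assumed /etc/doas.conf rule (user, path and table name are assumptions):
#   permit nopass _reaction as root cmd /usr/local/libexec/reaction-ban
# The reaction user then runs: doas /usr/local/libexec/reaction-ban add ADDRESS

PFCTL=/sbin/pfctl
TABLE=reaction_banned    # assumed pf table name

# Succeeds only for a dotted-quad IPv4 address, each octet 0..255,
# no leading zeros, no other characters.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# update_table ACTION ADDRESS: only "add" and "delete" on the one table are
# allowed; every other pfctl operation is refused before pfctl is reached.
update_table() {
    case $1 in
        add|delete) ;;
        *) echo "usage: reaction-ban add|delete ADDRESS" >&2; return 2 ;;
    esac
    is_ipv4 "$2" || { echo "reaction-ban: invalid address" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T "$1" "$2"
}

# Act only when invoked under the wrapper's own name.
case ${0##*/} in
    reaction-ban) update_table "$@" ;;
esac
```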