From: Martin Zobel-Helas <zobel@debian.org>
Date: Sat, 1 Nov 2014 11:17:43 +0000 (+0100)
Subject: write out a hash of the actually online firewall rules
X-Git-Url: https://wiki.adam-barratt.org.uk/gitweb/?a=commitdiff_plain;h=fc2a346048a79ea41f8fa5ac2325e4cec0e440c9;p=mirror%2Fdsa-nagios.git

write out a hash of the actually online firewall rules

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---

diff --git a/dsa-nagios-checks/debian/cron.d b/dsa-nagios-checks/debian/cron.d
index 8536e02..0707def 100644
--- a/dsa-nagios-checks/debian/cron.d
+++ b/dsa-nagios-checks/debian/cron.d
@@ -1,4 +1,6 @@
 @hourly  root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status 2>&1 | logger -t dsa-update-apt-status
+@hourly  root [ -x /sbin/iptables-save ] && umask 0177; iptables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/iptables-online.checksum
+@hourly  root [ -x /sbin/ip6tables-save ] && umask 0177; ip6tables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/ip6tables-online.checksum
 13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status
 
 SHELL=/bin/bash