[pkg-perl-tools] 03/04: examples/pbuilder-hooks/*iptables: add logging and dmesg output.
gregor herrmann
gregoa at debian.org
Sun Jul 24 15:11:11 UTC 2016
This is an automated email from the git hooks/post-receive script.
gregoa pushed a commit to branch master
in repository pkg-perl-tools.
commit 32b214a5dde67113427d2d9ca18d7edbc3b0d066
Author: gregor herrmann <gregoa at debian.org>
Date: Sun Jul 24 17:06:43 2016 +0200
examples/pbuilder-hooks/*iptables: add logging and dmesg output.
This helps to detect attempts to connect to the internet during build.
---
examples/pbuilder-hooks/A00iptables | 5 ++++-
examples/pbuilder-hooks/B00iptables | 6 +++++-
examples/pbuilder-hooks/C00iptables | 6 +++++-
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/examples/pbuilder-hooks/A00iptables b/examples/pbuilder-hooks/A00iptables
index 2d0524d..1bc8e91 100755
--- a/examples/pbuilder-hooks/A00iptables
+++ b/examples/pbuilder-hooks/A00iptables
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright: 2012 gregor herrmann <gregoa at debian.org>
+# Copyright: 2012-2016 gregor herrmann <gregoa at debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
@@ -10,6 +10,9 @@
apt-get install -y iptables
+dmesg --clear
# GID must match the one defined by BUILDUSERID into pbuilderrc file
+iptables -A OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
iptables -A OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
+ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
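Review bot: The added `dmesg --clear` empties the kernel ring buffer, which is presumably the host's own and shared with any other chroot building at the same time, so unrelated kernel messages and another build's COWBUILDER entries are discarded along with the stale ones. Unlike the rule lines it has no `|| true`, so whether a failure there aborts the hook depends on shell options that are not visible in this hunk. If the clear is kept, a comment such as `# NOTE: clears the host-wide kernel ring buffer; parallel builds will lose each other's entries` would make the side effect explicit. The new LOG rules are also unlimited; inserting `-m limit --limit 10/min` before `-j LOG` would stop a build that retries connections from flooding the kernel log, provided the matching `-D` lines in B00iptables and C00iptables are changed identically so the rules are still removed.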
diff --git a/examples/pbuilder-hooks/B00iptables b/examples/pbuilder-hooks/B00iptables
index d1f5cce..128b79f 100755
--- a/examples/pbuilder-hooks/B00iptables
+++ b/examples/pbuilder-hooks/B00iptables
@@ -1,10 +1,14 @@
#!/bin/sh
-# Copyright: 2012 gregor herrmann <gregoa at debian.org>
+# Copyright: 2012-2016 gregor herrmann <gregoa at debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
# GID must match the one defined by BUILDUSERID into pbuilderrc file
+iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
+ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
+
+dmesg | grep "COWBUILDER: " || true
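Review bot: In the added `dmesg | grep "COWBUILDER: " || true` line, three cases produce the same empty output: no blocked connection, `dmesg` failing (for instance when reading the kernel log is restricted), and the ring buffer having wrapped during a long build. A build log without COWBUILDER lines is therefore not evidence that the build made no network attempts. Printing an explicit result would make the negative case visible, e.g. `dmesg | grep -F "COWBUILDER: " || echo "COWBUILDER: no logged connection attempts (or dmesg unreadable)"`. The identical line in C00iptables has the same issue.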
diff --git a/examples/pbuilder-hooks/C00iptables b/examples/pbuilder-hooks/C00iptables
index d1f5cce..128b79f 100755
--- a/examples/pbuilder-hooks/C00iptables
+++ b/examples/pbuilder-hooks/C00iptables
@@ -1,10 +1,14 @@
#!/bin/sh
-# Copyright: 2012 gregor herrmann <gregoa at debian.org>
+# Copyright: 2012-2016 gregor herrmann <gregoa at debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
# GID must match the one defined by BUILDUSERID into pbuilderrc file
+iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
+ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
+
+dmesg | grep "COWBUILDER: " || true
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/pkg-perl-tools.git