Theo Buehler wrote:

> If I understand correctly, this needs to run as root since the authlog
> script issues pfctl commands.


I have not examined the port very closely, but from a quick glance I guess root is not absolutely needed, with some clever engineering.

First of all, if you need reaction to issue a command as root, I think you can just create a reaction user, add the corresponding entries to /etc/doas.conf, and execute any necessary "reaction" using doas.

You don't even need to add the reaction user to a privilege group in order to read logs. Just tweak the syslogd configuration to put the stuff you need reaction to cover in a separate file which is readable by the reaction user only and you are gold to go.
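As an added example of the doas/syslogd arrangement sketched above (not code from the reaction project or from the poster), here is a small wrapper script. The point of the wrapper is least privilege: doas.conf `args` matching is exact, so a rule cannot admit "pfctl with any address", and a rule without `args` would hand the reaction user all of pfctl. The wrapper pins the table name and validates the address before anything reaches pfctl, and the doas rule permits only the wrapper. The user name `reaction`, the table name `reaction_block`, the path `/usr/local/sbin/reaction-pf`, the log file path and the pf.conf lines are all assumptions for the example.

```shell
#!/bin/sh
# reaction-pf: hypothetical wrapper run through doas by an unprivileged
# "reaction" user to add or delete one address in one pf table.
# Added example, not part of the reaction project.
#
# Assumed /etc/doas.conf line (permits the wrapper, never pfctl itself):
#   permit nopass reaction as root cmd /usr/local/sbin/reaction-pf
#
# Assumed /etc/syslog.conf line giving reaction its own log file, created
# beforehand with: install -o reaction -g reaction -m 0640 /dev/null /var/log/reaction-auth
#   auth.info;authpriv.info   /var/log/reaction-auth
#
# Assumed pf.conf lines:
#   table <reaction_block> persist
#   block in quick from <reaction_block>
TABLE=reaction_block        # fixed here, never taken from the caller
PFCTL=/sbin/pfctl

# Accept only a bare IPv4 (dotted quad, octets 0-255) or bare IPv6 address
# (2..8 hex groups of at most 4 digits, at most one "::"). Everything else
# is rejected, so a log-derived string can never become a pfctl option.
validate_addr() {
    addr=$1
    case $addr in
        *[!0-9a-fA-F:.]*|''|*:::*) return 1 ;;   # only hex digits, ':' and '.'
    esac
    case $addr in
        *.*)
            # IPv4: exactly four all-digit fields, each <= 255
            echo "$addr" | awk -F. 'NF != 4 { exit 1 }
                { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
                { exit 0 }'
            ;;
        *:*)
            # IPv6: field count 3..8 (":: " yields empty fields), one "::" max
            echo "$addr" | awk -F: '{
                if (NF < 3 || NF > 8) exit 1
                if (gsub(/::/, "::") > 1) exit 1
                for (i = 1; i <= NF; i++)
                    if (length($i) > 4) exit 1
                exit 0 }'
            ;;
        *) return 1 ;;
    esac
}

# Run pfctl only after validation. Usage (from the reaction side):
#   doas /usr/local/sbin/reaction-pf add 192.0.2.10
#   doas /usr/local/sbin/reaction-pf delete 192.0.2.10
pf_table_op() {
    op=$1; addr=$2
    case $op in
        add|delete) ;;
        *) echo "usage: $0 add|delete ADDRESS" >&2; return 2 ;;
    esac
    validate_addr "$addr" || { echo "rejected address: $addr" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T "$op" "$addr"
}

if [ $# -gt 0 ]; then
    pf_table_op "$@"
fi
```

Because the wrapper runs as root, it should be root-owned and not writable by the reaction user, and the doas rule should name it by absolute path; the validation deliberately rejects anything that is not a plain address (option-looking strings, shell metacharacters, CIDR prefixes), which is the conservative choice when the input originates from log lines.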

Just some random thoughts. I am using some cheap ksh scripts myself for this sort of thing, heh.
