Implement some extentions to AUDIT

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-05-21 09:25:58 -07:00
parent 61b5dbbb95
commit 82d6a00c9e
3 changed files with 115 additions and 44 deletions


@ -3345,10 +3345,12 @@ sub get_configuration( $ ) {
default 'BLACKLIST_DISPOSITION' , 'DROP'; default 'BLACKLIST_DISPOSITION' , 'DROP';
unless ( $config{BLACKLIST_DISPOSITION} =~ /^(?:A_)?DROP$/ || $config{BLACKLIST_DISPOSITION} =~ /^(?:A_)?REJECT/ ) { unless ( ( $val = $config{BLACKLIST_DISPOSITION} ) =~ /^(?:A_)?DROP$/ || $config{BLACKLIST_DISPOSITION} =~ /^(?:A_)?REJECT/ ) {
fatal_error q(BLACKLIST_DISPOSITION must be 'DROP', 'A_DROP', 'REJECT' or 'A_REJECT'); fatal_error q(BLACKLIST_DISPOSITION must be 'DROP', 'A_DROP', 'REJECT' or 'A_REJECT');
} }
require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$val", 's' if $val =~ /^A_/;
default_log_level 'BLACKLIST_LOGLEVEL', ''; default_log_level 'BLACKLIST_LOGLEVEL', '';
default_log_level 'MACLIST_LOG_LEVEL', ''; default_log_level 'MACLIST_LOG_LEVEL', '';
default_log_level 'TCP_FLAGS_LOG_LEVEL', ''; default_log_level 'TCP_FLAGS_LOG_LEVEL', '';
@ -3371,6 +3373,8 @@ sub get_configuration( $ ) {
} else { } else {
fatal_error "Invalid value ($config{MACLIST_DISPOSITION}) for MACLIST_DISPOSITION" fatal_error "Invalid value ($config{MACLIST_DISPOSITION}) for MACLIST_DISPOSITION"
} }
require_capability 'AUDIT_TARGET' , "MACLIST_DISPOSITION=$val", 's' if $val =~ /^A_/;
} else { } else {
$config{MACLIST_DISPOSITION} = 'reject'; $config{MACLIST_DISPOSITION} = 'reject';
} }
@ -3386,11 +3390,13 @@ sub get_configuration( $ ) {
} }
if ( $val = $config{TCP_FLAGS_DISPOSITION} ) { if ( $val = $config{TCP_FLAGS_DISPOSITION} ) {
fatal_error "Invalid value ($config{TCP_FLAGS_DISPOSITION}) for TCP_FLAGS_DISPOSITION" unless $val =~ /^(?:A_)?(REJECT|ACCEPT|DROP)$/; fatal_error "Invalid value ($config{TCP_FLAGS_DISPOSITION}) for TCP_FLAGS_DISPOSITION" unless $val =~ /^(?:(?:A_)?(?:REJECT|DROP)|ACCEPT)$/;
} else { } else {
$config{TCP_FLAGS_DISPOSITION} = 'DROP'; $config{TCP_FLAGS_DISPOSITION} = 'DROP';
} }
require_capability 'AUDIT_TARGET' , "TCP_FLAGS_DISPOSITION=$val", 's' if $val =~ /^A_/;
default 'TC_ENABLED' , $family == F_IPV4 ? 'Internal' : 'no'; default 'TC_ENABLED' , $family == F_IPV4 ? 'Internal' : 'no';
$val = "\L$config{TC_ENABLED}"; $val = "\L$config{TC_ENABLED}";
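Review bot: The new `require_capability 'AUDIT_TARGET' , "TCP_FLAGS_DISPOSITION=$val", 's' if $val =~ /^A_/;` sits after the if/else for TCP_FLAGS_DISPOSITION, so when the option is unset the else branch leaves `$val` holding the undef or empty value that failed the `if`, and under `use warnings` the match may emit an uninitialized-value warning. The MACLIST_DISPOSITION hunk above places the equivalent check inside the branch that validated `$val`; doing the same here, directly after the fatal_error line, keeps the two consistent and avoids the warning. The BLACKLIST_DISPOSITION check also keeps the unanchored `/^(?:A_)?REJECT/` from the old line, so a value such as `A_REJECTED` passes validation — worth anchoring with `$` while the line is being touched. get_configuration starts and ends outside these hunks.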


@ -203,7 +203,9 @@ sub setup_blacklist() {
my $chainref; my $chainref;
my $chainref1; my $chainref1;
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' }; my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
my $audit = $disposition =~ s/^A_//;
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition; my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
my $auditref;
# #
# We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary # We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary
# for 'refresh' to work properly. # for 'refresh' to work properly.
@ -212,11 +214,13 @@ sub setup_blacklist() {
$chainref = dont_delete new_standard_chain 'blacklst' if @$zones; $chainref = dont_delete new_standard_chain 'blacklst' if @$zones;
$chainref1 = dont_delete new_standard_chain 'blackout' if @$zones1; $chainref1 = dont_delete new_standard_chain 'blackout' if @$zones1;
if ( defined $level && $level ne '' ) { if ( $audit || ( defined $level && $level ne '' ) ) {
my $logchainref = new_standard_chain 'blacklog'; my $logchainref = new_standard_chain 'blacklog';
log_rule_limit( $level , $logchainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' ); log_rule_limit( $level , $logchainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' );
add_rule( $logchainref, '-j AUDIT --type ' . lc $target ) if $audit;
add_jump $logchainref, $target, 1; add_jump $logchainref, $target, 1;
$target = 'blacklog'; $target = 'blacklog';
@ -247,18 +251,37 @@ sub setup_blacklist() {
$options = 'src' if $options eq '-'; $options = 'src' if $options eq '-';
my ( $to, $from, $whitelist ) = ( 0, 0, 0 ); my ( $to, $from, $whitelist, $auditone ) = ( 0, 0, 0, 0 );
my @options = split_list $options, 'option'; my @options = split_list $options, 'option';
for ( @options ) { for ( @options ) {
$whitelist++ if $_ eq 'whitelist'; $whitelist++ if $_ eq 'whitelist';
$auditone++ if $_ eq 'audit';
} }
warning_message "Duplicate 'whitelist' option ignored" if $whitelist > 1; warning_message "Duplicate 'whitelist' option ignored" if $whitelist > 1;
my $tgt = $whitelist ? 'RETURN' : $target; my $tgt = $whitelist ? 'RETURN' : $target;
if ( $auditone ) {
fatal_error "'audit' not allowed in whitelist entries" if $whitelist;
if ( $audit ) {
warning_message "Superfluous 'audit' option ignored";
} else {
warning_message "Duplicate 'audit' option ignored" if $auditone > 1;
unless ( $auditref ) {
$auditref = new_standard_chain 'blackaud';
add_rule $auditref, '-j AUDIT --type ' . lc $target;
add_jump $auditref, $target, 1;
}
$tgt = 'blackaud';
}
}
for ( @options ) { for ( @options ) {
if ( $_ =~ /^(?:src|from)$/ ) { if ( $_ =~ /^(?:src|from)$/ ) {
if ( $from++ ) { if ( $from++ ) {
@ -301,7 +324,7 @@ sub setup_blacklist() {
} }
} }
} else { } else {
fatal_error "Invalid blacklist option($_)" unless $_ eq 'whitelist'; fatal_error "Invalid blacklist option($_)" unless $_ eq 'whitelist' || $_ eq 'audit';
} }
} }
@ -604,22 +627,28 @@ sub add_common_rules() {
$list = find_hosts_by_option 'tcpflags'; $list = find_hosts_by_option 'tcpflags';
if ( @$list ) { if ( @$list ) {
my $disposition; my $level = $config{TCP_FLAGS_LOG_LEVEL};
my $disposition = $config{TCP_FLAGS_DISPOSITION};
my $audit = $disposition =~ s/^A_//;
progress_message2 "$doing TCP Flags filtering..."; progress_message2 "$doing TCP Flags filtering...";
$chainref = new_standard_chain 'tcpflags'; $chainref = new_standard_chain 'tcpflags';
if ( $config{TCP_FLAGS_LOG_LEVEL} ne '' ) { if ( $audit || $level ) {
my $logflagsref = new_standard_chain 'logflags'; my $logflagsref = new_standard_chain 'logflags';
my $savelogparms = $globals{LOGPARMS}; if ( $level ) {
my $savelogparms = $globals{LOGPARMS};
$globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options "; $globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options ";
log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, ''; log_rule $level , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';
$globals{LOGPARMS} = $savelogparms; $globals{LOGPARMS} = $savelogparms;
}
add_rule( $logflagsref, '-j AUDIT --type ' . lc $disposition ) if $audit;
if ( $config{TCP_FLAGS_DISPOSITION} eq 'REJECT' ) { if ( $config{TCP_FLAGS_DISPOSITION} eq 'REJECT' ) {
add_rule $logflagsref , '-p 6 -j REJECT --reject-with tcp-reset'; add_rule $logflagsref , '-p 6 -j REJECT --reject-with tcp-reset';
@ -628,8 +657,6 @@ sub add_common_rules() {
} }
$disposition = 'logflags'; $disposition = 'logflags';
} else {
$disposition = $config{TCP_FLAGS_DISPOSITION};
} }
add_jump $chainref , $disposition, 1, '-p tcp --tcp-flags ALL FIN,URG,PSH '; add_jump $chainref , $disposition, 1, '-p tcp --tcp-flags ALL FIN,URG,PSH ';
@ -713,6 +740,7 @@ sub setup_mac_lists( $ ) {
my $target = $globals{MACLIST_TARGET}; my $target = $globals{MACLIST_TARGET};
my $level = $config{MACLIST_LOG_LEVEL}; my $level = $config{MACLIST_LOG_LEVEL};
my $disposition = $config{MACLIST_DISPOSITION}; my $disposition = $config{MACLIST_DISPOSITION};
my $audit = $disposition =~ /^A_/;
my $ttl = $config{MACLIST_TTL}; my $ttl = $config{MACLIST_TTL};
progress_message2 "$doing MAC Filtration -- Phase $phase..."; progress_message2 "$doing MAC Filtration -- Phase $phase...";
@ -790,11 +818,13 @@ sub setup_mac_lists( $ ) {
my $source = match_source_net $address; my $source = match_source_net $address;
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}" log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}"
if defined $level && $level ne ''; if defined $level && $level ne '';
add_rule( $chainref , '-j AUDIT --type ' . lc $disposition ) if $audit && $disposition ne 'ACCEPT';
add_jump $chainref , $targetref->{target}, 0, "${mac}${source}"; add_jump $chainref , $targetref->{target}, 0, "${mac}${source}";
} }
} else { } else {
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
if defined $level && $level ne ''; if defined $level && $level ne '';
add_rule( $chainref , '-j AUDIT --type ' . lc $disposition ) if $audit && $disposition ne 'ACCEPT';
add_jump $chainref , $targetref->{target}, 0, "$mac"; add_jump $chainref , $targetref->{target}, 0, "$mac";
} }
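Review bot: In setup_mac_lists the new `my $audit = $disposition =~ /^A_/;` is a match, not the `s/^A_//` substitution used in setup_blacklist and add_common_rules, so `$disposition` keeps its `A_` prefix and the two `'-j AUDIT --type ' . lc $disposition` rules would be generated as `--type a_drop` / `--type a_reject`, which is not a valid AUDIT type; the log prefix handed to log_rule_limit carries the prefix as well. Changing the line to `my $audit = $disposition =~ s/^A_//;` matches the other two sites, unless MACLIST_DISPOSITION is already stripped elsewhere, which these hunks do not show. Separately, in setup_blacklist the `blacklog` chain is now also created when only `$audit` is set, but the `log_rule_limit( $level , $logchainref , ...)` call stays unguarded, whereas the tcpflags hunk wraps the equivalent log_rule in `if ( $level )`; if log_rule_limit does not tolerate an empty level, that call needs `if defined $level && $level ne '';` as the maclist code below already does. The enclosing subs start and end outside these hunks.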


@ -1139,8 +1139,13 @@ sub map_old_actions( $ ) {
# #
# The following small functions generate rules for the builtin actions of the same name # The following small functions generate rules for the builtin actions of the same name
# #
sub dropBcast( $$$ ) { sub dropBcast( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
if ( have_capability( 'ADDRTYPE' ) ) { if ( have_capability( 'ADDRTYPE' ) ) {
if ( $level ne '' ) { if ( $level ne '' ) {
@ -1152,6 +1157,7 @@ sub dropBcast( $$$ ) {
} }
} }
add_rule $chainref, '-m addrtype --dst-type BROADCAST -j AUDIT --type drop' if $audit;
add_rule $chainref, '-m addrtype --dst-type BROADCAST -j DROP'; add_rule $chainref, '-m addrtype --dst-type BROADCAST -j DROP';
} else { } else {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
@ -1170,14 +1176,21 @@ sub dropBcast( $$$ ) {
} }
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
add_rule $chainref, '-d 224.0.0.0/4 -j AUDIT --type drop' if $audit;
add_rule $chainref, '-d 224.0.0.0/4 -j DROP'; add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
} else { } else {
add_rule $chainref, join( ' ', '-d', IPv6_MULTICAST, '-j AUDIT --type drop' );
add_rule $chainref, join( ' ', '-d', IPv6_MULTICAST, '-j DROP' ); add_rule $chainref, join( ' ', '-d', IPv6_MULTICAST, '-j DROP' );
} }
} }
sub allowBcast( $$$ ) { sub allowBcast( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
if ( $family == F_IPV4 && have_capability( 'ADDRTYPE' ) ) { if ( $family == F_IPV4 && have_capability( 'ADDRTYPE' ) ) {
if ( $level ne '' ) { if ( $level ne '' ) {
@ -1185,7 +1198,9 @@ sub allowBcast( $$$ ) {
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 '; log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ';
} }
add_rule $chainref, '-m addrtype --dst-type BROADCAST -j AUDIT --type accept' if $audit;
add_rule $chainref, '-m addrtype --dst-type BROADCAST -j ACCEPT'; add_rule $chainref, '-m addrtype --dst-type BROADCAST -j ACCEPT';
add_rule $chainref, '-d 224.0.0.0/4 -j AUDIT --type accept' if $audit;
add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT'; add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT';
} else { } else {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
@ -1196,62 +1211,97 @@ sub allowBcast( $$$ ) {
incr_cmd_level $chainref; incr_cmd_level $chainref;
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d $address ' if $level ne ''; log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d $address ' if $level ne '';
add_rule $chainref, '-d $address -j AUDIT --type accept' if $audit;
add_rule $chainref, '-d $address -j ACCEPT'; add_rule $chainref, '-d $address -j ACCEPT';
decr_cmd_level $chainref; decr_cmd_level $chainref;
add_commands $chainref, 'done'; add_commands $chainref, 'done';
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne ''; log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
add_rule $chainref, '-d 224.0.0.0/4 -j AUDIT --type accept' if $audit;
add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT'; add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT';
} else { } else {
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ' . IPv6_MULTICAST . ' ' if $level ne ''; log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ' . IPv6_MULTICAST . ' ' if $level ne '';
add_rule $chainref, join ( ' ', '-d', IPv6_MULTICAST, '-j AUDIT --type accept' ) if $audit;
add_rule $chainref, join ( ' ', '-d', IPv6_MULTICAST, '-j ACCEPT' ); add_rule $chainref, join ( ' ', '-d', IPv6_MULTICAST, '-j ACCEPT' );
} }
} }
} }
sub dropNotSyn ( $$$ ) { sub dropNotSyn ( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p 6 ! --syn ' if $level ne ''; log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
add_rule $chainref , '-p 6 ! --syn -j AUDIT --type drop' if $audit;
add_rule $chainref , '-p 6 ! --syn -j DROP'; add_rule $chainref , '-p 6 ! --syn -j DROP';
} }
sub rejNotSyn ( $$$ ) { sub rejNotSyn ( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p 6 ! --syn ' if $level ne ''; log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
add_rule $chainref , '-p 6 ! --syn -j AUDIT --type reject' if $audit;
add_rule $chainref , '-p 6 ! --syn -j REJECT --reject-with tcp-reset'; add_rule $chainref , '-p 6 ! --syn -j REJECT --reject-with tcp-reset';
} }
sub dropInvalid ( $$$ ) { sub dropInvalid ( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne ''; log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
add_rule $chainref , "$globals{STATEMATCH} INVALID -j AUDIT --type drop" if $audit;
add_rule $chainref , "$globals{STATEMATCH} INVALID -j DROP"; add_rule $chainref , "$globals{STATEMATCH} INVALID -j DROP";
} }
sub allowInvalid ( $$$ ) { sub allowInvalid ( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne ''; log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
add_rule $chainref , "$globals{STATEMATCH} INVALID -j AUDIT --type accept" if $audit;
add_rule $chainref , "$globals{STATEMATCH} INVALID -j ACCEPT"; add_rule $chainref , "$globals{STATEMATCH} INVALID -j ACCEPT";
} }
sub forwardUPnP ( $$$ ) { sub forwardUPnP ( $$$$ ) {
my $chainref = dont_optimize 'forwardUPnP'; my $chainref = dont_optimize 'forwardUPnP';
add_commands( $chainref , '[ -f ${VARDIR}/.forwardUPnP ] && cat ${VARDIR}/.forwardUPnP >&3' ); add_commands( $chainref , '[ -f ${VARDIR}/.forwardUPnP ] && cat ${VARDIR}/.forwardUPnP >&3' );
} }
sub allowinUPnP ( $$$ ) { sub allowinUPnP ( $$$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag, $audit) = @_;
if ( defined $audit && $audit ne '' ) {
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
}
if ( $level ne '' ) { if ( $level ne '' ) {
log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p 17 --dport 1900 '; log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p 17 --dport 1900 ';
log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p 6 --dport 49152 '; log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p 6 --dport 49152 ';
} }
add_rule $chainref, '-p 17 --dport 1900 -j AUDIT --type accept' if $audit;
add_rule $chainref, '-p 17 --dport 1900 -j ACCEPT'; add_rule $chainref, '-p 17 --dport 1900 -j ACCEPT';
add_rule $chainref, '-p 6 --dport 49152 -j AUDIT --type accept' if $audit;
add_rule $chainref, '-p 6 --dport 49152 -j ACCEPT'; add_rule $chainref, '-p 6 --dport 49152 -j ACCEPT';
} }
@ -1344,7 +1394,6 @@ my %builtinops = ( 'dropBcast' => \&dropBcast,
# - Reads actions.std and actions (in that order) and for each entry: # - Reads actions.std and actions (in that order) and for each entry:
# o Adds the action to the target table # o Adds the action to the target table
# o Verifies that the corresponding action file exists # o Verifies that the corresponding action file exists
# o Creates action chains for config options that have audited settings.
# #
sub process_actions() { sub process_actions() {
@ -1385,10 +1434,6 @@ sub process_actions() {
my $ref; my $ref;
for ( map normalize_action_name $_ , ( grep $auditactions{$_}, ( map $config{$_}, @auditoptions ) ) ) {
process_action( $ref ) if $ref = use_action($_);
}
} }
sub process_rule1 ( $$$$$$$$$$$$$$$$ ); sub process_rule1 ( $$$$$$$$$$$$$$$$ );
@ -1480,16 +1525,6 @@ sub use_policy_action( $ ) {
process_action( $ref ) if $ref; process_action( $ref ) if $ref;
} }
#
# This function creates and populates the chains for config options with audited settings.
#
sub process_actions2 () {
my $ref;
}
################################################################################ ################################################################################
# End of functions moved from the Actions module in 4.4.16 # End of functions moved from the Actions module in 4.4.16
################################################################################ ################################################################################
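Review bot: In dropBcast's IPv6 multicast branch the new `add_rule $chainref, join( ' ', '-d', IPv6_MULTICAST, '-j AUDIT --type drop' );` lacks the `if $audit` guard every other added AUDIT rule carries, so on IPv6 every dropBcast invocation emits an AUDIT rule even when the parameter was not given and the AUDIT_TARGET capability was never required; it should read `add_rule $chainref, join( ' ', '-d', IPv6_MULTICAST, '-j AUDIT --type drop' ) if $audit;`. The non-ADDRTYPE branch of dropBcast also gets no audit rule before `-d $address -j DROP`, unlike the matching branch of allowBcast. The identical four-line validate-and-require block is now pasted into seven subs; a small private helper such as `_validate_audit( $audit )` would keep the error message and capability check in one place. forwardUPnP accepts the fourth parameter but neither validates nor uses it, so a stray value there passes silently. The hunks cut through dropBcast and allowBcast, so parts of those bodies are outside view.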