write out a hash of the actually online firewall rules

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

diff --git a/dsa-nagios-checks/debian/cron.d b/dsa-nagios-checks/debian/cron.d
index 8536e02..0707def 100644 (file)
--- a/dsa-nagios-checks/debian/cron.d
+++ b/dsa-nagios-checks/debian/cron.d
@@ -1,4 +1,6 @@
 @hourly  root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status 2>&1 | logger -t dsa-update-apt-status
+@hourly  root [ -x /sbin/iptables-save ] && umask 0177; iptables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/iptables-online.checksum
+@hourly  root [ -x /sbin/ip6tables-save ] && umask 0177; ip6tables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/ip6tables-online.checksum
 13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status
 
 SHELL=/bin/bash