Date: Fri, 12 Jan 2018 15:29:00 +0000 (UTC) From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r458854 - in head/security/base-audit: . files Message-ID: <201801121529.w0CFT0hx095538@repo.freebsd.org>
Author: pi Date: Fri Jan 12 15:29:00 2018 New Revision: 458854 URL: https://svnweb.freebsd.org/changeset/ports/458854 Log: security/base-audit: update 0.1 -> 0.2 - Introduce security_status_baseaudit_period variable to files/405.pkg-base-audit.in in order to make it possible to specify when this script is executed (i.e. daily, weekly or monthly). PR: 224239 Submitted by: Yasuhiro KIMURA <yasu@utahime.org>, Miroslav Lachman <000.fbsd@quip.cz> (maintainer) Added: head/security/base-audit/pkg-message (contents, props changed) Deleted: head/security/base-audit/files/pkg-message.in Modified: head/security/base-audit/Makefile head/security/base-audit/files/405.pkg-base-audit.in
Modified: head/security/base-audit/Makefile
==============================================================================
--- head/security/base-audit/Makefile Fri Jan 12 15:02:40 2018 (r458853)
+++ head/security/base-audit/Makefile Fri Jan 12 15:29:00 2018 (r458854)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= base-audit
-PORTVERSION= 0.1
+PORTVERSION= 0.2
 CATEGORIES= security
 MASTER_SITES= # none
 DISTFILES= # none
Modified: head/security/base-audit/files/405.pkg-base-audit.in
==============================================================================
--- head/security/base-audit/files/405.pkg-base-audit.in Fri Jan 12 15:02:40 2018 (r458853)
+++ head/security/base-audit/files/405.pkg-base-audit.in Fri Jan 12 15:29:00 2018 (r458854)
@@ -38,6 +38,13 @@ if [ -r /etc/defaults/periodic.conf ]; then
 source_periodic_confs
 fi
+: ${security_status_baseaudit_enable:=YES}
+: ${security_status_baseaudit_period:=daily}
+: ${security_status_baseaudit_quiet:=NO}
+: ${security_status_baseaudit_chroots=$pkg_chroots}
+: ${security_status_baseaudit_jails=$pkg_jails}
+: ${security_status_baseaudit_expiry:=2}
+
 # Compute PKG_DBDIR from the config file.
 pkgcmd=%%PREFIX%%/sbin/pkg
 PKG_DBDIR=`${pkgcmd} config PKG_DBDIR`
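Review bot: The six default assignments added in the `@@ -38,6 +38,13 @@` hunk of files/405.pkg-base-audit.in are unquoted, so each expanded value is word-split and pathname-expanded as an argument to `:`. The port's own pkg-message documents `*` as a valid `pkg_jails` value, and when that value is in effect `: ${security_status_baseaudit_jails=$pkg_jails}` globs the current directory for nothing. The assignment itself is unaffected, but quoting removes the stray expansion: `: "${security_status_baseaudit_jails=$pkg_jails}"`, and likewise for the other five lines.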
@@ -91,7 +98,7 @@ audit_base() {
 now=`date +%s` || rc=3
 ## Add 10 minutes of padding since the check is in seconds.
 if [ $rc -ne 0 -o \
- $(( 86400 \* "${daily_status_security_baseaudit_expiry:-2}" )) \
+ $(( 86400 \* "${security_status_baseaudit_expiry}" )) \
 -le $(( ${now} - ${then} + 600 )) ]; then
 ## Random delay so the mirrors do not get slammed when run by periodic(8)
 if [ ! -t 0 ]; then
@@ -117,23 +124,20 @@ audit_base() {
 # Use $pkg_chroots to provide a default list of chroots, and
 # $pkg_jails to provide a default list of jails (or '*' for all jails)
 # for all pkg periodic scripts, or set
-# $daily_status_security_baseaudit_chroots and
-# $daily_status_security_baseaudit_jails for this script only.
+# $security_status_baseaudit_chroots and
+# $security_status_baseaudit_jails for this script only.
 audit_base_all() {
 local rc
 local last_rc
 local jails
- : ${daily_status_security_baseaudit_chroots=$pkg_chroots}
- : ${daily_status_security_baseaudit_jails=$pkg_jails}
-
 # We always show audit results for the base system, but only print
 # a banner line if we're also showing audit results for any
 # chroots or jails.
- if [ -n "${daily_status_security_baseaudit_chroots}" -o \
- -n "${daily_status_security_baseaudit_jails}" ]; then
+ if [ -n "${security_status_baseaudit_chroots}" -o \
+ -n "${security_status_baseaudit_jails}" ]; then
 echo "Host system:"
 fi
@@ -141,7 +145,7 @@ audit_base_all() {
 last_rc=$?
 [ $last_rc -gt 1 ] && rc=$last_rc
- for c in $daily_status_security_baseaudit_chroots ; do
+ for c in $security_status_baseaudit_chroots ; do
 echo
 echo "chroot: $c"
 audit_base "-c $c" $c
@@ -149,7 +153,7 @@ audit_base_all() {
 [ $last_rc -gt 1 ] && rc=$last_rc
 done
- case $daily_status_security_baseaudit_jails in
+ case $security_status_baseaudit_jails in
 \*)
 jails=$(jls -q -h name path | sed -e 1d -e 's/ /|/')
 ;;
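Review bot: In the `@@ -91,7 +98,7 @@` hunk, `security_status_baseaudit_expiry` now reaches the `$(( ))` arithmetic with no fallback and no validation; the `:=2` default set near the top of the script covers only an unset or empty value. A non-numeric setting in periodic.conf would presumably make the expansion fail, and whether the vulnerability database still gets refreshed in that case is not visible from this hunk. A guard ahead of this test would keep the refresh predictable, e.g. `case "$security_status_baseaudit_expiry" in ''|*[!0-9]*) security_status_baseaudit_expiry=2 ;; esac`. The body of audit_base starts and ends outside the hunk.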
@@ -159,7 +163,7 @@ audit_base_all() {
 *)
 # Given the jail name or jid, find the jail path
 jails=
- for j in $daily_status_security_baseaudit_jails ; do
+ for j in $security_status_baseaudit_jails ; do
 p=$(jls -j $j -h name path | sed -e 1d -e 's/ /|/')
 jails="${jails} ${p}"
 done
@@ -177,11 +181,16 @@ audit_base_all() {
 return $rc
 }
+security_daily_compat_var security_status_baseaudit_enable
+security_daily_compat_var security_status_baseaudit_quiet
+security_daily_compat_var security_status_baseaudit_chroots
+security_daily_compat_var security_status_baseaudit_jails
+security_daily_compat_var security_status_baseaudit_exipiry
+
 rc=0
-case "${daily_status_security_baseaudit_enable:-YES}" in
-[Nn][Oo]) ;;
-*)
+if check_yesno_period security_status_baseaudit_enable
+then
 echo
 echo 'Checking for security vulnerabilities in base (userland & kernel):'
@@ -189,7 +198,7 @@ case "${daily_status_security_baseaudit_enable:-YES}"
 echo 'pkg-audit is enabled but pkg is not used'
 rc=2
 else
- case "${daily_status_security_baseaudit_quiet:-NO}" in
+ case "${security_status_baseaudit_quiet}" in
 [Yy][Ee][Ss])
 q='-q'
 ;;
@@ -200,7 +209,6 @@ case "${daily_status_security_baseaudit_enable:-YES}"
 audit_base_all ; rc=$?
 fi
- ;;
-esac
+fi
 exit "$rc"
Added: head/security/base-audit/pkg-message
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/base-audit/pkg-message Fri Jan 12 15:29:00 2018 (r458854)
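Review bot: The last compat call in the `@@ -177,11 +181,16 @@` hunk of files/405.pkg-base-audit.in misspells the variable: `security_daily_compat_var security_status_baseaudit_exipiry`. As written, the legacy `daily_status_security_baseaudit_expiry` setting that the previous revision honoured is presumably never mapped onto `security_status_baseaudit_expiry`, so a host that had tuned the database expiry would fall back to the default of 2 with no deprecation warning. The line should read `security_daily_compat_var security_status_baseaudit_expiry`. The same hunk swaps the `case` for `check_yesno_period`, whose definition is not on this page; it is worth confirming that an unrecognised `security_status_baseaudit_enable` value does not now skip the audit silently, where the old code skipped it only on an explicit NO.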
@@ -0,0 +1,15 @@
+Add the following lines to /etc/periodic.conf(.local) to enable periodic check
+ security_status_baseaudit_enable="YES"
+ security_status_baseaudit_quiet="NO"
+
+Use pkg_chroots to provide a default list of chroots
+and pkg_jails to provide a default list of jails (or '*' for all jails)
+for all pkg periodic scripts, or set
+ security_status_baseaudit_chroots
+and
+ security_status_baseaudit_jails
+for this script only.
+
+You can also change following variables:
+ security_status_baseaudit_period="daily"
+ security_status_baseaudit_expiry="2"