Date: Tue, 10 Aug 2021 02:03:32 GMT From: Dan Langille <dvl@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: a5bd3edbfb49 - main - security/base-audit: Add the ability to specify ignored jails Message-ID: <202108100203.17A23WHl067830@gitrepo.freebsd.org>
The branch main has been updated by dvl: URL: https://cgit.FreeBSD.org/ports/commit/?id=a5bd3edbfb4991f75ec5f2a5580e164f5e977fb4 commit a5bd3edbfb4991f75ec5f2a5580e164f5e977fb4 Author: Dan Langille <dvl@FreeBSD.org> AuthorDate: 2021-08-10 02:01:00 +0000 Commit: Dan Langille <dvl@FreeBSD.org> CommitDate: 2021-08-10 02:03:29 +0000 security/base-audit: Add the ability to specify ignored jails security_status_baseaudit_jails_ignore is a space delimited list of jails to ignore. If non-empty, the code iterates over security_status_baseaudit_jails_ignore to avoid partial matches (i.e. ignore foo.bar, but not foo). If there is a better way to do that without looping, please let me know. Example use case: I have jails which purposely are older vulnerable versions for testing. PR: 257685 Approved by: 000.fbsd@quip.cz (maintainer)
---
 security/base-audit/Makefile | 2 +-
 security/base-audit/files/405.pkg-base-audit.in | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/security/base-audit/Makefile b/security/base-audit/Makefile
index 0911dc27d3fe..f6233a937f9e 100644
--- a/security/base-audit/Makefile
+++ b/security/base-audit/Makefile
@@ -1,7 +1,7 @@
 # Created by: Miroslav Lachman
 PORTNAME= base-audit
-PORTVERSION= 0.4
+PORTVERSION= 0.5
 CATEGORIES= security
 MASTER_SITES= # none
 DISTFILES= # none
diff --git a/security/base-audit/files/405.pkg-base-audit.in b/security/base-audit/files/405.pkg-base-audit.in
old mode 100644
new mode 100755
index f8664346d590..f607a5929fc7
--- a/security/base-audit/files/405.pkg-base-audit.in
+++ b/security/base-audit/files/405.pkg-base-audit.in
@@ -40,6 +40,7 @@ fi
 : ${security_status_baseaudit_quiet:=NO}
 : ${security_status_baseaudit_chroots=$pkg_chroots}
 : ${security_status_baseaudit_jails=$pkg_jails}
+: ${security_status_baseaudit_jails_ignore=""}
 : ${security_status_baseaudit_expiry:=2}
 # Compute PKG_DBDIR from the config file.
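Review bot: The header for files/405.pkg-base-audit.in flips the file mode from 100644 to 100755, which the commit message does not mention and which looks unrelated to the new `security_status_baseaudit_jails_ignore` default. If the execute bit on the `.in` template is not intended, it should be dropped from the commit; how the port installs the script is not visible here, so whether the source mode matters is worth confirming. A one-line comment above the new default, such as `# space-separated jail names to skip; skipped jails are not audited`, would make it clear that setting it reduces audit coverage.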
@@ -166,6 +167,19 @@ audit_base_all() {
 esac
 for j in $jails ; do
+ # ignore some jails
+ if [ -n "$security_status_baseaudit_jails_ignore" ]; then
+ # we iterate to get exact matches because we want substring matches
+ # foo should not match foo.bar
+ for ignore in $security_status_baseaudit_jails_ignore ; do
+ if [ "${j%|*}" == "$ignore" ]; then
+ echo
+ echo "ignoring jail: ${j%|*}"
+ # continue with the main loop
+ continue 2
+ fi
+ done
+ fi
 echo
 echo "jail: ${j%|*}"
 audit_base "-j ${j%|*}" ${j##*|}
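Review bot: The comment inside the new `if` block says the loop exists "because we want substring matches", which is the opposite of what the code and the commit message intend; I would reword it to `# compare whole names so that ignoring foo.bar does not also ignore foo`. The test `[ "${j%|*}" == "$ignore" ]` uses `==`, which POSIX `test` does not define, so the portable form is `if [ "${j%|*}" = "$ignore" ]; then`. The for-list `$security_status_baseaudit_jails_ignore` has to stay unquoted for word splitting, but that also leaves it subject to pathname expansion, so the setting's documentation should say that entries must be literal jail names. Printing `ignoring jail:` keeps each exclusion visible in the periodic report, which is worth preserving because a skipped jail otherwise drops out of the audit without a trace. The body of audit_base_all starts and ends outside this hunk.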