FreeBSD Bugzilla – Attachment 189378 Details for
Bug 224239
security/base-audit: update to 0.2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
updated port version 0.2
base-audit-0.2.patch (text/plain), 5.57 KB, created by
Miroslav Lachman
on 2018-01-03 21:53:26 UTC
(
hide
)
Description:
updated port version 0.2
Filename:
MIME Type:
Creator:
Miroslav Lachman
Created:
2018-01-03 21:53:26 UTC
Size:
5.57 KB
patch
obsolete
>diff -r -u -N base-audit.orig/Makefile base-audit/Makefile >--- base-audit.orig/Makefile 2017-12-13 22:33:31.000000000 +0100 >+++ base-audit/Makefile 2018-01-03 22:05:59.077818743 +0100 >@@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= base-audit >-PORTVERSION= 0.1 >-PORTREVISION= 1 >+PORTVERSION= 0.2 > CATEGORIES= security > MASTER_SITES= # none > DISTFILES= # none >@@ -19,7 +18,7 @@ > NO_BUILD= yes > NO_INSTALL= yes > >-SUB_FILES= 405.pkg-base-audit pkg-message >+SUB_FILES= 405.pkg-base-audit > > PERIODIC_SECURITY= etc/periodic/security > >diff -r -u -N base-audit.orig/files/405.pkg-base-audit.in base-audit/files/405.pkg-base-audit.in >--- base-audit.orig/files/405.pkg-base-audit.in 2017-12-13 21:46:53.000000000 +0100 >+++ base-audit/files/405.pkg-base-audit.in 2018-01-03 21:50:49.209878568 +0100 >@@ -38,6 +38,13 @@ > source_periodic_confs > fi > >+: ${security_status_baseaudit_enable:=YES} >+: ${security_status_baseaudit_period:=daily} >+: ${security_status_baseaudit_quiet:=NO} >+: ${security_status_baseaudit_chroots=$pkg_chroots} >+: ${security_status_baseaudit_jails=$pkg_jails} >+: ${security_status_baseaudit_expiry:=2} >+ > # Compute PKG_DBDIR from the config file. > pkgcmd=%%PREFIX%%/sbin/pkg > PKG_DBDIR=`${pkgcmd} config PKG_DBDIR` >@@ -91,7 +98,7 @@ > now=`date +%s` || rc=3 > ## Add 10 minutes of padding since the check is in seconds. > if [ $rc -ne 0 -o \ >- $(( 86400 \* "${daily_status_security_baseaudit_expiry:-2}" )) \ >+ $(( 86400 \* "${security_status_baseaudit_expiry}" )) \ > -le $(( ${now} - ${then} + 600 )) ]; then > ## Random delay so the mirrors do not get slammed when run by periodic(8) > if [ ! -t 0 ]; then >@@ -117,23 +124,20 @@ > # Use $pkg_chroots to provide a default list of chroots, and > # $pkg_jails to provide a default list of jails (or '*' for all jails) > # for all pkg periodic scripts, or set >-# $daily_status_security_baseaudit_chroots and >-# $daily_status_security_baseaudit_jails for this script only. >+# $security_status_baseaudit_chroots and >+# $security_status_baseaudit_jails for this script only. > > audit_base_all() { > local rc > local last_rc > local jails > >- : ${daily_status_security_baseaudit_chroots=$pkg_chroots} >- : ${daily_status_security_baseaudit_jails=$pkg_jails} >- > # We always show audit results for the base system, but only print > # a banner line if we're also showing audit results for any > # chroots or jails. > >- if [ -n "${daily_status_security_baseaudit_chroots}" -o \ >- -n "${daily_status_security_baseaudit_jails}" ]; then >+ if [ -n "${security_status_baseaudit_chroots}" -o \ >+ -n "${security_status_baseaudit_jails}" ]; then > echo "Host system:" > fi > >@@ -141,7 +145,7 @@ > last_rc=$? > [ $last_rc -gt 1 ] && rc=$last_rc > >- for c in $daily_status_security_baseaudit_chroots ; do >+ for c in $security_status_baseaudit_chroots ; do > echo > echo "chroot: $c" > audit_base "-c $c" $c >@@ -149,7 +153,7 @@ > [ $last_rc -gt 1 ] && rc=$last_rc > done > >- case $daily_status_security_baseaudit_jails in >+ case $security_status_baseaudit_jails in > \*) > jails=$(jls -q -h name path | sed -e 1d -e 's/ /|/') > ;; >@@ -159,7 +163,7 @@ > *) > # Given the jail name or jid, find the jail path > jails= >- for j in $daily_status_security_baseaudit_jails ; do >+ for j in $security_status_baseaudit_jails ; do > p=$(jls -j $j -h name path | sed -e 1d -e 's/ /|/') > jails="${jails} ${p}" > done >@@ -177,11 +181,16 @@ > return $rc > } > >+security_daily_compat_var security_status_baseaudit_enable >+security_daily_compat_var security_status_baseaudit_quiet >+security_daily_compat_var security_status_baseaudit_chroots >+security_daily_compat_var security_status_baseaudit_jails >+security_daily_compat_var security_status_baseaudit_exipiry >+ > rc=0 > >-case "${daily_status_security_baseaudit_enable:-YES}" in >-[Nn][Oo]) ;; >-*) >+if check_yesno_period security_status_baseaudit_enable >+then > echo > echo 'Checking for security vulnerabilities in base (userland & kernel):' > >@@ -189,7 +198,7 @@ > echo 'pkg-audit is enabled but pkg is not used' > rc=2 > else >- case "${daily_status_security_baseaudit_quiet:-NO}" in >+ case "${security_status_baseaudit_quiet}" in > [Yy][Ee][Ss]) > q='-q' > ;; >@@ -200,7 +209,6 @@ > > audit_base_all ; rc=$? > fi >- ;; >-esac >+fi > > exit "$rc" >diff -r -u -N base-audit.orig/files/pkg-message.in base-audit/files/pkg-message.in >--- base-audit.orig/files/pkg-message.in 2017-12-13 21:46:53.000000000 +0100 >+++ base-audit/files/pkg-message.in 1970-01-01 01:00:00.000000000 +0100 >@@ -1,11 +0,0 @@ >-Add the following lines to /etc/periodic.conf(.local) to enable periodic check >- daily_status_security_baseaudit_enable="YES" >- daily_status_security_baseaudit_quiet="NO" >- >-Use pkg_chroots to provide a default list of chroots >-and pkg_jails to provide a default list of jails (or '*' for all jails) >-for all pkg periodic scripts, or set >- daily_status_security_baseaudit_chroots >-and >- daily_status_security_baseaudit_jails >-for this script only. >diff -r -u -N base-audit.orig/pkg-message base-audit/pkg-message >--- base-audit.orig/pkg-message 1970-01-01 01:00:00.000000000 +0100 >+++ base-audit/pkg-message 2018-01-03 22:02:05.275832036 +0100 >@@ -0,0 +1,15 @@ >+Add the following lines to /etc/periodic.conf(.local) to enable periodic check >+ security_status_baseaudit_enable="YES" >+ security_status_baseaudit_quiet="NO" >+ >+Use pkg_chroots to provide a default list of chroots >+and pkg_jails to provide a default list of jails (or '*' for all jails) >+for all pkg periodic scripts, or set >+ security_status_baseaudit_chroots >+and >+ security_status_baseaudit_jails >+for this script only. >+ >+You can also change following variables: >+ security_status_baseaudit_period="daily" >+ security_status_baseaudit_expiry="2"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=189378">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 224239
:
188706
|
188871
| 189378 |
189379