security.functions revision 295130
#!/bin/sh
#
# Copyright (c) 2001 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: stable/10/etc/periodic/security/security.functions 295130 2016-02-01 22:16:41Z marius $
#

# This is a library file, so we only try to do something when sourced.
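# Guard against direct execution: when $0 is this file itself there is
# nothing to run, so leave quietly.
case "$0" in
*/security.functions) exit 0 ;;
esac

# security_daily_compat_var is not defined in this file; the sourcing script
# must already provide it.
security_daily_compat_var security_status_logdir
security_daily_compat_var security_status_diff_flags

#
# Show differences in the output of an audit command
#

LOG="${security_status_logdir}"
rc=0

# Usage: COMMAND | check_diff [new_only] LABEL - MSG
#        COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
#   if $1 is new_only, show only the 'new' part of the diff.
#   LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
#
# Compares the fresh audit output with the stored ${LOG}/${label}.today
# baseline.  When they differ, MSG and the diff are printed, the old baseline
# is rotated to .yesterday and the fresh output becomes the new .today.
# TMPFILE is always consumed: it is either moved into place or removed.
#
# This function does not return: it calls exit with
#   0  output is identical to the baseline
#   1  the baseline was missing, or the output changed
#   3  a temporary file, cp or mv operation failed
# When used at the end of a pipeline the exit only ends the pipeline's
# subshell and becomes the pipeline's status.
#
# Security notes:
#   - LABEL is placed into a path under ${LOG} without validation, so callers
#     must pass a fixed name, never data taken from the audited system.
#   - NOTE(review): baseline files are created with the umask of the sourcing
#     script; audit output can be sensitive, so confirm that the caller sets a
#     restrictive umask and that ${LOG} is writable only by root.
#   - NOTE(review): an empty ${LOG} makes the baselines land in "/"; confirm
#     that security_status_logdir is always set before this file is sourced.

check_diff() {
	rc=0
	# A flag replaces the former eval'd filter string: no command text is
	# ever re-parsed by the shell.
	new_only=0
	if [ "$1" = "new_only" ]; then
		shift
		new_only=1
	fi
	label="$1"; shift
	tmpf="$1"; shift
	msg="$1"; shift

	if [ "${tmpf}" = "-" ]; then
		# Fail closed if no private temporary file can be created, rather
		# than continuing with an empty file name.
		if ! tmpf=$(mktemp -t security); then
			echo "check_diff: cannot create temporary file" >&2
			exit 3
		fi
		cat > "${tmpf}"
	fi

	# First run for this label: report it and seed the baseline.
	if [ ! -f "${LOG}/${label}.today" ]; then
		rc=1
		echo ""
		printf '%s\n' "No ${LOG}/${label}.today"
		cp "${tmpf}" "${LOG}/${label}.today" || rc=3
	fi

	if ! cmp -s "${LOG}/${label}.today" "${tmpf}" >/dev/null; then
		# Keep an earlier, more severe status (3) if one was recorded.
		[ "${rc}" -lt 1 ] && rc=1
		echo ""
		printf '%s\n' "${msg}"
		# security_status_diff_flags is intentionally unquoted: it may hold
		# several space-separated diff options.
		if [ "${new_only}" -eq 1 ]; then
			# Keep only added lines ('>' or '+'), dropping the '+++' header.
			diff ${security_status_diff_flags} "${LOG}/${label}.today" \
			    "${tmpf}" | grep '^[>+][^+]'
		else
			diff ${security_status_diff_flags} "${LOG}/${label}.today" \
			    "${tmpf}"
		fi
		mv "${LOG}/${label}.today" "${LOG}/${label}.yesterday" || rc=3
		mv "${tmpf}" "${LOG}/${label}.today" || rc=3
	fi

	# Removes the temporary file when it was not moved into place above.
	rm -f "${tmpf}"
	exit "${rc}"
}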