security.functions revision 295130
#!/bin/sh
#
# Copyright (c) 2001  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: stable/10/etc/periodic/security/security.functions 295130 2016-02-01 22:16:41Z marius $
#
# Library guard: this file is meant to be sourced.  When it is run as a
# program ($0 ends in /security.functions) it exits immediately with
# status 0 and does nothing else.
case "$0" in
  */security.functions)
    exit 0
    ;;
esac

# security_daily_compat_var is defined outside this file; presumably it
# carries settings over from older variable names -- confirm against its
# definition.
security_daily_compat_var security_status_logdir
security_daily_compat_var security_status_diff_flags

#
# Show differences in the output of an audit command
#

# Directory holding the LABEL.today / LABEL.yesterday baseline files.
# check_diff builds its paths as ${LOG}/LABEL.*, so this is expected to be
# a non-empty directory.
LOG="${security_status_logdir}"
# Default status; check_diff resets it on entry.
rc=0
4456893Sfenner
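# Usage: COMMAND | check_diff [new_only] LABEL - MSG
#        COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
#   If $1 is new_only, show only the 'new' part of the diff.
#   LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
#   TMPFILE is consumed: it is either moved into place as the new baseline
#   or removed before the function finishes.
#
# Exit status (the function calls exit, so it ends the calling script):
#   0  the output matches the stored baseline
#   1  no baseline existed yet, or the output differs from it
#   3  the log directory is unset, or a temporary/baseline file could not
#      be created, copied or rotated
#
# Security notes:
#   - All path expansions are quoted, so a log directory, label or temp
#     file name containing whitespace or glob characters cannot be split
#     into extra arguments to cp/mv/rm.
#   - The output filter is selected with a flag instead of being stored as
#     a command string and run through eval.
#   - The baseline files decide what is reported as changed, so ${LOG}
#     should be writable only by the account that runs these checks.

check_diff() {
  rc=0
  new_only=0
  if [ "$1" = "new_only" ]; then
    shift
    new_only=1
  fi
  label="$1"; shift
  tmpf="$1"; shift
  msg="$1"; shift

  # With an empty LOG every path below would resolve under "/".
  if [ -z "${LOG}" ]; then
    echo "check_diff: log directory is not set" >&2
    exit 3
  fi

  if [ "${tmpf}" = "-" ]; then
    # Read the audit output from stdin.  Stop if no temp file could be
    # created rather than redirecting into an empty file name.
    tmpf=$(mktemp -t security) || {
      echo "check_diff: cannot create temporary file" >&2
      exit 3
    }
    cat > "${tmpf}"
  fi

  # First run for this label: seed the baseline from the current output.
  if [ ! -f "${LOG}/${label}.today" ]; then
    rc=1
    echo ""
    echo "No ${LOG}/${label}.today"
    cp -- "${tmpf}" "${LOG}/${label}.today" || rc=3
  fi

  if ! cmp -s "${LOG}/${label}.today" "${tmpf}"; then
    # Keep a more severe status (3) if one was already recorded.
    [ "${rc}" -lt 1 ] && rc=1
    echo ""
    echo "${msg}"
    # security_status_diff_flags is deliberately left unquoted: it may
    # hold several diff options that must be split into separate words.
    if [ "${new_only}" -eq 1 ]; then
      # Keep only added lines ('>' or '+'), dropping '+++' file headers.
      diff ${security_status_diff_flags} "${LOG}/${label}.today" \
        "${tmpf}" | grep '^[>+][^+]'
    else
      diff ${security_status_diff_flags} "${LOG}/${label}.today" \
        "${tmpf}"
    fi
    # Rotate: the old baseline becomes .yesterday, the new output .today.
    mv -- "${LOG}/${label}.today" "${LOG}/${label}.yesterday" || rc=3
    mv -- "${tmpf}" "${LOG}/${label}.today" || rc=3
  fi

  # No-op when the temp file was moved into place above.
  rm -f -- "${tmpf}"
  exit "${rc}"
}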