#!/bin/sh
#
# Copyright (c) 2001  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: releng/10.3/etc/periodic/security/security.functions 295130 2016-02-01 22:16:41Z marius $
#

# Library file: it only does something when sourced. If it is executed
# directly ($0 ends in /security.functions) there is nothing to run, so
# leave at once with success.
if [ "${0%/security.functions}" != "$0" ]; then
  exit 0
fi

# security_daily_compat_var is not defined in this file; it has to be
# provided by the environment that sources this library.
security_daily_compat_var security_status_logdir
security_daily_compat_var security_status_diff_flags

#
# Show differences in the output of an audit command
#

# Directory in which check_diff keeps its .today/.yesterday files.
LOG=${security_status_logdir}
# Result code, reset and then updated by check_diff.
rc=0

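# Usage: COMMAND | check_diff [new_only] LABEL - MSG
#        COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
#
# Compare the current output of an audit command with the baseline stored in
# ${LOG}/${LABEL}.today, print any difference under MSG, and rotate the
# baseline (.today becomes .yesterday, the current output becomes .today).
#
# Arguments:
#   new_only  optional first word; show only the 'new' part of the diff,
#             i.e. the lines matching ^[>+][^+].
#   LABEL     base name of the ${LOG}/${LABEL}.{today,yesterday} files.
#   TMPFILE   file holding the current output, or "-" to read it from stdin.
#             The file is consumed: it is moved into ${LOG} or removed.
#   MSG       heading printed above the diff when the output changed.
#
# Globals: LOG and security_status_diff_flags are read; rc is written.
#
# Exit status (the function calls exit, so it ends the shell or subshell it
# runs in):
#   0  output identical to the baseline
#   1  baseline was missing, or the output changed
#   3  a mktemp/cat/cp/mv step failed
#
# NOTE(review): LOG and LABEL are used verbatim to build the paths. With an
# empty LOG the files land directly under "/", and a LABEL containing "/"
# selects another directory; callers should pass a fixed plain name.
# NOTE(review): the .today file is the reference every later run is compared
# against, so the report is only as trustworthy as the write permissions on
# ${LOG} - presumably root-only; confirm for the deployment.
# NOTE(review): in new_only mode the pattern needs a second character that is
# not '+'. With unified-diff flags an added line that is empty, or that itself
# starts with '+', is therefore left out of the report.

check_diff() {
  rc=0
  new_only=0
  if [ "$1" = "new_only" ]; then
    shift
    new_only=1
  fi
  label="$1"; shift
  tmpf="$1"; shift
  msg="$1"; shift

  today="${LOG}/${label}.today"
  yesterday="${LOG}/${label}.yesterday"

  if [ "${tmpf}" = "-" ]; then
    # Without a temp file there is nothing to compare; report it on the same
    # channel as the other messages instead of redirecting to an empty name.
    if ! tmpf=$(mktemp -t security); then
      echo ""
      echo "check_diff: mktemp failed for ${label}"
      exit 3
    fi
    # A short write would later show up as a bogus difference, so flag it.
    cat > "${tmpf}" || rc=3
  fi

  if [ ! -f "${today}" ]; then
    [ "${rc}" -lt 1 ] && rc=1
    echo ""
    echo "No ${today}"
    cp -- "${tmpf}" "${today}" || rc=3
  fi

  if ! cmp -s -- "${today}" "${tmpf}"; then
    if [ "${rc}" -lt 1 ]; then
      rc=1
    fi
    echo ""
    echo "${msg}"
    # security_status_diff_flags is deliberately unquoted: it may hold
    # several options that must be split into separate words.
    # The filter is a fixed command, so it is run directly rather than
    # through eval.
    if [ "${new_only}" -eq 1 ]; then
      diff ${security_status_diff_flags} -- "${today}" "${tmpf}" |
        grep '^[>+][^+]'
    else
      diff ${security_status_diff_flags} -- "${today}" "${tmpf}"
    fi
    mv -- "${today}" "${yesterday}" || rc=3
    mv -- "${tmpf}" "${today}" || rc=3
  fi

  rm -f -- "${tmpf}"
  exit ${rc}
}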