1105936Sthomas#!/bin/sh 2105936Sthomas# 3105936Sthomas# Copyright (c) 2001 The FreeBSD Project 4105936Sthomas# All rights reserved. 5105936Sthomas# 6105936Sthomas# Redistribution and use in source and binary forms, with or without 7105936Sthomas# modification, are permitted provided that the following conditions 8105936Sthomas# are met: 9105936Sthomas# 1. Redistributions of source code must retain the above copyright 10105936Sthomas# notice, this list of conditions and the following disclaimer. 11105936Sthomas# 2. Redistributions in binary form must reproduce the above copyright 12105936Sthomas# notice, this list of conditions and the following disclaimer in the 13105936Sthomas# documentation and/or other materials provided with the distribution. 14105936Sthomas# 15105936Sthomas# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16105936Sthomas# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17105936Sthomas# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18105936Sthomas# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19105936Sthomas# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20105936Sthomas# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21105936Sthomas# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22105936Sthomas# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23105936Sthomas# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24105936Sthomas# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25105936Sthomas# SUCH DAMAGE. 26105936Sthomas# 27105936Sthomas# $FreeBSD: releng/10.3/etc/periodic/security/security.functions 295130 2016-02-01 22:16:41Z marius $ 28105936Sthomas# 29105936Sthomas 30254974Sjlh# This is a library file, so we only try to do something when sourced. 31254974Sjlhcase "$0" in 32254974Sjlh*/security.functions) exit 0 ;; 33254974Sjlhesac 34254974Sjlh 35254974Sjlhsecurity_daily_compat_var security_status_logdir 36254974Sjlhsecurity_daily_compat_var security_status_diff_flags 37254974Sjlh 38105936Sthomas# 39105936Sthomas# Show differences in the output of an audit command 40105936Sthomas# 41105936Sthomas 42254974SjlhLOG="${security_status_logdir}" 43105936Sthomasrc=0 44105936Sthomas 45105936Sthomas# Usage: COMMAND | check_diff [new_only] LABEL - MSG 46105936Sthomas# COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG 47105936Sthomas# if $1 is new_only, show only the 'new' part of the diff. 48105936Sthomas# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files. 49105936Sthomas 50105936Sthomascheck_diff() { 51105936Sthomas rc=0 52105936Sthomas if [ "$1" = "new_only" ]; then 53105936Sthomas shift 54295130Smarius filter="grep '^[>+][^+]'" 55105936Sthomas else 56105936Sthomas filter="cat" 57105936Sthomas fi 58105936Sthomas label="$1"; shift 59105936Sthomas tmpf="$1"; shift 60105936Sthomas msg="$1"; shift 61105936Sthomas 62105936Sthomas if [ "${tmpf}" = "-" ]; then 63117088Smtm tmpf=`mktemp -t security` 64105936Sthomas cat > ${tmpf} 65105936Sthomas fi 66105936Sthomas 67105936Sthomas if [ ! -f ${LOG}/${label}.today ]; then 68105936Sthomas rc=1 69105936Sthomas echo "" 70105936Sthomas echo "No ${LOG}/${label}.today" 71105936Sthomas cp ${tmpf} ${LOG}/${label}.today || rc=3 72105936Sthomas fi 73105936Sthomas 74106988Sthomas if ! cmp -s ${LOG}/${label}.today ${tmpf} >/dev/null; then 75105936Sthomas [ $rc -lt 1 ] && rc=1 76105936Sthomas echo "" 77105936Sthomas echo "${msg}" 78254974Sjlh diff ${security_status_diff_flags} ${LOG}/${label}.today \ 79135591Sjkoshy ${tmpf} | eval "${filter}" 80105936Sthomas mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3 81105936Sthomas mv ${tmpf} ${LOG}/${label}.today || rc=3 82105936Sthomas fi 83105936Sthomas 84105936Sthomas rm -f ${tmpf} 85105936Sthomas exit ${rc} 86105936Sthomas} 87