security.functions revision 326326
#!/bin/sh
#
# Copyright (c) 2001  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: stable/10/etc/periodic/security/security.functions 326326 2017-11-28 17:27:00Z asomers $
#

# Library guard: this file is meant to be sourced.  When it is executed
# directly ($0 names this file) there is nothing to do, so leave quietly.
case "$0" in
  */security.functions)
    exit 0
    ;;
esac

# security_daily_compat_var is defined outside this file; presumably it maps
# older variable names onto the security_status_* names used below -- confirm
# against its definition.
security_daily_compat_var security_status_logdir
security_daily_compat_var security_status_diff_flags

#
# Show differences in the output of an audit command
#

# Directory holding the ${label}.today / ${label}.yesterday baselines that
# check_diff compares against.
# NOTE(review): every later run is judged against these files, so the
# directory should not be writable by unprivileged users -- confirm its
# ownership and mode on the target system.
LOG=${security_status_logdir}
rc=0

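#
# check_diff - compare the current output of an audit command with the
# stored baseline and report any change.
#
# Usage: COMMAND | check_diff [new_only] LABEL - MSG
#        COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
#   if $1 is new_only, show only the 'new' part of the diff.
#   LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
#   MSG is printed ahead of the diff when the output has changed.
#
# Globals: LOG (read), security_status_diff_flags (read), rc (written)
#
# This function EXITS the current shell instead of returning:
#   0  output is identical to the stored baseline
#   1  there was no baseline yet, or the output changed
#   3  a temporary file or a baseline file could not be created or rotated
# TMPFILE is consumed: it is moved into place or removed before exiting.
#
check_diff() {
  unset IFS
  rc=0
  new_only=no
  if [ "$1" = "new_only" ]; then
    shift
    new_only=yes
  fi
  label="$1"; shift
  tmpf="$1"; shift
  msg="$1"; shift

  today="${LOG}/${label}.today"
  yesterday="${LOG}/${label}.yesterday"

  if [ "${tmpf}" = "-" ]; then
    # Without a usable temporary file there is nothing to compare, and
    # carrying on would rotate the existing baseline away.  Stop before
    # any file under ${LOG} is touched.
    if ! tmpf=$(mktemp -t security) || [ -z "${tmpf}" ]; then
      echo ""
      echo "Cannot create a temporary file for ${label}"
      exit 3
    fi
    cat > "${tmpf}"
  fi

  if [ ! -f "${today}" ]; then
    rc=1
    echo ""
    echo "No ${today}"
    cp "${tmpf}" "${today}" || rc=3
  fi

  if ! cmp -s "${today}" "${tmpf}" >/dev/null; then
    [ "${rc}" -lt 1 ] && rc=1
    echo ""
    # printf keeps a caller-supplied message from being read as echo options.
    printf '%s\n' "${msg}"
    # security_status_diff_flags is left unquoted on purpose so that it
    # splits into separate options; IFS was reset above for that reason.
    # The filter is chosen with a plain test; no eval is needed.
    if [ "${new_only}" = "yes" ]; then
      diff ${security_status_diff_flags} "${today}" "${tmpf}" \
	| grep '^[>+][^+]'
    else
      diff ${security_status_diff_flags} "${today}" "${tmpf}"
    fi
    mv "${today}" "${yesterday}" || rc=3
    mv "${tmpf}" "${today}" || rc=3
  fi

  rm -f "${tmpf}"
  exit ${rc}
}
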