f85f7b2 Minor improvements — HardenedBSD-pkg

modified scripts/periodic/400.status-pkg

@@ -12,7 +12,7 @@ case "$weekly_status_pkg_enable" in

     [Yy][Ee][Ss])
 	pkgcmd=/usr/local/sbin/pkg
 	echo ''
 	echo
 	echo 'Checking for out of date packages:'
 	if ${pkgcmd} -N >/dev/null 2>&1 ; then

modified scripts/periodic/410.pkg-audit

@@ -40,44 +40,41 @@ fi

 # Compute PKG_DBDIR from the config file.
 if [ -z "${PKG_DBDIR}" ] && [ -f /usr/local/etc/pkg.conf ]; then
   PKG_DBDIR=`awk 'toupper($1) ~ /PKG_DBDIR/ { print $3 }' \
              < /usr/local/etc/pkg.conf`
 	PKG_DBDIR=`awk 'toupper($1) ~ /PKG_DBDIR/ { print $3 }' \
 		< /usr/local/etc/pkg.conf`
 fi
 : ${PKG_DBDIR="/var/db/pkg"}
 auditfile="${PKG_DBDIR}/auditfile"
 rc=0
 case "${daily_status_security_pkgaudit_enable:-YES}" in
 	[Nn][Oo])
 		;;
 	;;
 	*)
 		pkgcmd=/usr/local/sbin/pkg
 	pkgcmd=/usr/local/sbin/pkg
 		echo
                 echo "Checking for packages with security vulnerabilities:"
 	echo
 	echo 'Checking for packages with security vulnerabilities:'
 		if ${pkgcmd} -N >/dev/null 2>&1 ; then
 			echo 'pkg-audit is enabled but pkg is not used'
 			rc=2
 	if ${pkgcmd} -N >/dev/null 2>&1 ; then
 		echo 'pkg-audit is enabled but pkg is not used'
 		rc=2
 	else
 		then=`stat -f '%m' "${auditfile}" 2> /dev/null` || rc=3
 		now=`date +%s` || rc=3
 		# Add 10 minutes of padding since the check is in seconds.
 		if [ $rc -ne 0 -o \
 			$(( 86400 \* "${daily_status_security_pkgaudit_expiry:-2}" )) \
 			-le $(( ${now} - ${then} + 600 )) ]; then
 			${pkgcmd} audit -Fq || { rc=$?; [ $rc -lt 3 ] && rc=3 }
 		else
 			then=`stat -f '%m' "${auditfile}" 2> /dev/null` || rc=3
 			now=`date +%s` || rc=3
 			# Add 10 minutes of padding since the check is in seconds.
 			if [ $rc -ne 0 -o \
 				$(( 86400 \* "${daily_status_security_pkgaudit_expiry:-2}" )) \
 				-le $(( ${now} - ${then} + 600 )) ]; then
 				${pkgcmd} audit -Fq || {
 				  rc=$?; [ $rc -lt 3 ] && rc=3
 				}
 			else
 				echo -n "Database fetched: ";
 				date -r "${then}" || rc=3
 				${pkgcmd} audit || {
 				  rc=$?; [ $rc -lt 3 ] && rc=3
 				}
 			fi
 			echo -n 'Database fetched: ';
 			date -r "${then}" || rc=3
 			${pkgcmd} audit || { rc=$?; [ $rc -lt 3 ] && rc=3 }
 		fi
 		;;
 	fi
 	;;
 esac
 exit "$rc"

modified scripts/periodic/411.pkg-backup

@@ -5,41 +5,38 @@

 # If there is a global system configuration file, suck it in.
 #
 if [ -r /etc/defaults/periodic.conf ]
 then
     . /etc/defaults/periodic.conf
     source_periodic_confs
 if [ -r /etc/defaults/periodic.conf ]; then
 	. /etc/defaults/periodic.conf
 	source_periodic_confs
 fi
 rc=0
 case "${daily_backup_pkgng_enable:-YES}" in
     [Nn][Oo])
         ;;
     *)
 	[Nn][Oo])
 	;;
 	*)
 	bak="${daily_backup_pkgng_dir:-/var/backups}"
 	bak_file="${bak}/pkgng.db"
 	pkgcmd=/usr/local/sbin/pkg
 	if ${pkgcmd} -N >/dev/null 2>&1 ; then
 	    echo 'pkg-backup is enabled but pkg is not used'
 	    rc=2
 		echo 'pkg-backup is enabled but pkg is not used'
 		rc=2
  	else
 		if [ ! -d "$bak" ]
 		then
 			install -d -o root -g wheel -m 750 $bak || {
 			echo '$daily_backup_pkgng_enable is enabled but' \
 			echo 'pkg-backup is enabled but' \
 				"$daily_backup_pkgng_dbdir doesn't exist" ;
 			exit 2 ; }
 		fi
 		echo ''
 		echo
 		echo 'Backing up pkgng database:'
 		if [ -e "${bak_file}.txz" ]; then
 			unlink "${bak_file}.txz.2"
 			mv "${bak_file}.txz" "${bak_file}.txz.2"
 		fi
 		[ -e "${bak_file}.txz" ] && \
 			mv -f "${bak_file}.txz" "${bak_file}.txz.2"
 		if ${pkgcmd} backup -d ${bak_file} 2>/dev/null; then
 			rc=0

modified scripts/periodic/460.chkpkgsum

@@ -4,22 +4,22 @@

 #
 if [ -r /etc/defaults/periodic.conf ]; then
     . /etc/defaults/periodic.conf
     source_periodic_confs
 	. /etc/defaults/periodic.conf
 	source_periodic_confs
 fi
 . /etc/periodic/security/security.functions
 case "${daily_status_security_chkpkgsum_enable}" in
     [Yy][Ee][Ss])
 	[Yy][Ee][Ss])
 	pkgcmd=/usr/local/sbin/pkg
 	echo ''
 	echo
 	echo 'Checking for packages with mismatched checksums:'
 	if ${pkgcmd} -N >/dev/null 2>&1 ; then
 	    echo 'chkpkgsum is enabled but pkg is not used'
 	    rc=2
 		echo 'chkpkgsum is enabled but pkg is not used'
 		rc=2
 	else
 		rc=$(${pkgcmd} check -sa 2>&1 |
 		sed -e 's/ checksum mismatch for//' |

@@ -28,7 +28,7 @@ case "${daily_status_security_chkpkgsum_enable}" in

 		[ $rc -gt 1 ] && rc=1
 	fi
 	;;
     *)
 	*)
 	rc=0
 	;;
 esac

modified scripts/periodic/490.status-pkg-changes

@@ -4,35 +4,35 @@

 #
 if [ -r /etc/defaults/periodic.conf ]; then
     . /etc/defaults/periodic.conf
     source_periodic_confs
 	. /etc/defaults/periodic.conf
 	source_periodic_confs
 fi
 case "$daily_status_pkg_changes_enable" in
     [Yy][Ee][Ss])
 	[Yy][Ee][Ss])
 	pkgcmd=/usr/local/sbin/pkg
 	echo ''
 	echo
 	echo 'Changes in installed packages:'
 	if ${pkgcmd} -N >/dev/null 2>&1 ; then
 	    echo 'status-pkg-changes is enabled but pkg is not used'
 	    rc=2
 		echo 'status-pkg-changes is enabled but pkg is not used'
 		rc=2
 	else
 	    bak=/var/backups
 	    rc=0
 		bak=/var/backups
 		rc=0
 	    [ -r $bak/pkg.bak ] && mv -f $bak/pkg.bak $bak/pkg.bak2
 	    ${pkgcmd} info > $bak/pkg.bak
 		[ -r $bak/pkg.bak ] && mv -f $bak/pkg.bak $bak/pkg.bak2
 		${pkgcmd} info > $bak/pkg.bak
 	    cmp -sz $bak/pkg.bak $bak/pkg.bak2
 	    if [ $? -eq 1 ]; then
 		diff -U 0 $bak/pkg.bak2 $bak/pkg.bak \
 		| grep '^[-+][^-+]' | sort -k 1.2
 	    fi
 		cmp -sz $bak/pkg.bak $bak/pkg.bak2
 		if [ $? -eq 1 ]; then
 			diff -U 0 $bak/pkg.bak2 $bak/pkg.bak \
 			| grep '^[-+][^-+]' | sort -k 1.2
 		fi
 	fi
 	;;
     *)
 	*)
 	rc=0
 	;;
 esac