git: c85caa3933d0 - main - security/rkhunter: Modernize and correct the periodic script

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Fernando Apesteguía <fernape_at_FreeBSD.org>
Date: Fri, 28 Jul 2023 06:31:52 UTC
The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c85caa3933d08274a9ba9b1be16ee8af5583b99a

commit c85caa3933d08274a9ba9b1be16ee8af5583b99a
Author:     Helge Oldach <freebsd@oldach.net>
AuthorDate: 2023-07-27 06:42:27 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-07-28 06:31:32 +0000

    security/rkhunter: Modernize and correct the periodic script
    
    Modernize the script but use a compatibility shim to maintain previous
    variables.
    
    PR:             272516
    Reported by:    freebsd@oldach.net
    Approved by:    lukasz@wasikowski.net (maintainer)
---
 security/rkhunter/Makefile              |  2 +-
 security/rkhunter/files/415.rkhunter.in | 67 ++++++++++++++++-----------------
 security/rkhunter/pkg-message           | 10 +++--
 3 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/security/rkhunter/Makefile b/security/rkhunter/Makefile
index f5ed7d474a72..f5c2ef749bdd 100644
--- a/security/rkhunter/Makefile
+++ b/security/rkhunter/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	rkhunter
 PORTVERSION=	1.4.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	SF
 
diff --git a/security/rkhunter/files/415.rkhunter.in b/security/rkhunter/files/415.rkhunter.in
index b35e70f724b1..4e33dc5ab443 100644
--- a/security/rkhunter/files/415.rkhunter.in
+++ b/security/rkhunter/files/415.rkhunter.in
@@ -2,10 +2,12 @@
 
 # This is a maintenance shell script for the rkhunter security tool.
 # You can enable this script in /etc/periodic.conf file by putting these lines into it:
-#	daily_rkhunter_update_enable="YES"
-#	daily_rkhunter_update_flags="--update --nocolors"
-#	daily_rkhunter_check_enable="YES"
-#	daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
+#	security_rkhunter_update_enable="YES"
+#	security_rkhunter_update_period="daily"
+#	security_rkhunter_update_flags="--update --nocolors"
+#	security_rkhunter_check_enable="YES"
+#	security_rkhunter_check_period="daily"
+#	security_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
 #
 # Written by: Gabor Kovesdan <gabor@FreeBSD.org>
 
@@ -14,40 +16,37 @@ if [ -r /etc/defaults/periodic.conf ]; then
    source_periodic_confs
 fi
 
-SLEEP=/bin/sleep
-JOT=/usr/bin/jot
-
-random() {
-	${JOT} -r 1 0 900
-}
-
-: ${daily_rkhunter_update_flags="--update --nocolors"}
-: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"}
+# compatibility with pre-stable/12 style variables
+for type in update check
+do
+	for mode in enable flags
+	do
+		eval old=\"\$daily_rkhunter_${type}_${mode}\"
+		if test -n "$old"
+		then
+			echo "Warning: Variable \$daily_rkhunter_${type}_${mode} is deprecated, use \$security_rkhunter_${type}_${mode} instead." >&2
+			eval : \${security_rkhunter_${type}_${mode}:="\$daily_rkhunter_${type}_${mode}"}
+		fi
+	done
+done
 
-case "$daily_rkhunter_update_enable" in
-  [Yy][Ee][Ss])
+# defaults
+: ${security_rkhunter_update_period:="daily"}
+: ${security_rkhunter_check_period:="daily"}
+: ${security_rkhunter_update_flags:="--update --nocolors"}
+: ${security_rkhunter_check_flags:="--checkall --nocolors --skip-keypress"}
 
+if check_yesno_period security_rkhunter_update_enable
+then
 	echo ""
 	echo "Updating the rkhunter database..."
-	# When non-interactive, sleep to reduce congestion on rkhunter site
-	if [ "$1" != -nodelay ]; then
-		# In FreeBSD 12.0 the anticongestion function should be used
-		# instead of a hard-coded sleep
-		if [ -n "$anticongestion_sleeptime" ]; then
-			anticongestion
-		else
-			${SLEEP} $(random)
-		fi
-	fi
-	%%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags}
-	;;
-esac
-
-case "$daily_rkhunter_check_enable" in
-  [Yy][Ee][Ss])
+	anticongestion
+	%%PREFIX%%/bin/rkhunter ${security_rkhunter_update_flags}
+fi
 
+if check_yesno_period security_rkhunter_check_enable
+then
 	echo ""
 	echo "Running rkhunter..."
-	%%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags}
-	;;
-esac
+	%%PREFIX%%/bin/rkhunter ${security_rkhunter_check_flags}
+fi
diff --git a/security/rkhunter/pkg-message b/security/rkhunter/pkg-message
index ee7fe15bd879..3a4a2f1bb6ad 100644
--- a/security/rkhunter/pkg-message
+++ b/security/rkhunter/pkg-message
@@ -4,14 +4,16 @@
 You should keep your rkhunter database up-to-date.
 This can be done automatically by putting this line to periodic.conf(5) files:
 
-daily_rkhunter_update_enable="YES"
-daily_rkhunter_update_flags="--update --nocolors"
+security_rkhunter_update_enable="YES"
+security_rkhunter_update_period="daily"
+security_rkhunter_update_flags="--update --nocolors"
 
 Also, you can run rkhunter as a part of the daily security check by
 putting this line to periodic.conf(5) files:
 
-daily_rkhunter_check_enable="YES"
-daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
+security_rkhunter_check_enable="YES"
+security_rkhunter_check_period="daily"
+security_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
 EOM
 }
 ]