git: ad528e1c8370 - main - security/base-audit: Remove port
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Jul 2022 16:12:52 UTC
The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=ad528e1c8370284c561f4b4800337735c02b0440 commit ad528e1c8370284c561f4b4800337735c02b0440 Author: Yasuhiro Kimura <yasu@FreeBSD.org> AuthorDate: 2022-07-18 16:09:03 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2022-07-18 16:09:03 +0000 security/base-audit: Remove port * Remove port as 405.pkg-base-audit, core file of the port, is merged into ports-mgmt/pkg with pkg 1.18.1. * Add entry to MOVED PR: 264878 Approved by: maintainer --- MOVED | 1 + security/Makefile | 1 - security/base-audit/Makefile | 31 ---- security/base-audit/files/405.pkg-base-audit.in | 223 ------------------------ security/base-audit/pkg-descr | 4 - security/base-audit/pkg-message | 21 --- 6 files changed, 1 insertion(+), 280 deletions(-) diff --git a/MOVED b/MOVED index e28e12e763e3..1e0a14611d22 100644 --- a/MOVED +++ b/MOVED @@ -17507,3 +17507,4 @@ www/rubygem-uglifier-node16|www/rubygem-uglifier|2022-07-13|Remove obsoleted por audio/espeak|audio/espeak-ng|2022-07-15|Switch to fork of (stale) original repository misc/ngraph||2022-07-15|Software is discontinued because its developer Nervana Systems is defunct math/hipmcl||2022-07-16|Discontinued: old versions aren't compatible with new combblas-2.0, latest versions require CUDA that is not available on FreeBSD +security/base-audit|ports-mgmt/pkg|2022-07-17|Merged into ports-mgmt/pkg diff --git a/security/Makefile b/security/Makefile index b2a3cf41dda3..5c0317e122fd 100644 --- a/security/Makefile +++ b/security/Makefile @@ -40,7 +40,6 @@ SUBDIR += aws-vault SUBDIR += barnyard2 SUBDIR += barnyard2-sguil - SUBDIR += base-audit SUBDIR += bastillion SUBDIR += bcrypt SUBDIR += bcwipe diff --git a/security/base-audit/Makefile b/security/base-audit/Makefile deleted file mode 100644 index f6233a937f9e..000000000000 --- a/security/base-audit/Makefile +++ /dev/null @@ -1,31 +0,0 @@ -# Created by: Miroslav Lachman - -PORTNAME= base-audit -PORTVERSION= 0.5 -CATEGORIES= security -MASTER_SITES= # none -DISTFILES= # none - -MAINTAINER= 000.fbsd@quip.cz -COMMENT= Daily periodic check of vulnerabilities in base system - -LICENSE= BSD3CLAUSE - -RUN_DEPENDS= ${LOCALBASE}/sbin/pkg:${PKG_ORIGIN} - -NO_ARCH= yes -NO_BUILD= yes -NO_INSTALL= yes - -SUB_FILES= 405.pkg-base-audit - -PERIODIC_SECURITY= etc/periodic/security - -PLIST_FILES= ${PERIODIC_SECURITY}/405.pkg-base-audit - -do-install: - @${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY} - ${INSTALL_SCRIPT} ${WRKDIR}/405.pkg-base-audit \ - ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY} - -.include <bsd.port.mk> diff --git a/security/base-audit/files/405.pkg-base-audit.in b/security/base-audit/files/405.pkg-base-audit.in deleted file mode 100755 index f607a5929fc7..000000000000 --- a/security/base-audit/files/405.pkg-base-audit.in +++ /dev/null @@ -1,223 +0,0 @@ -#!/bin/sh -f -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# Copyright (c) 2014 Matthew Seaman <matthew@FreeBSD.org> -# Copyright (c) 2016 Miroslav Lachman <000.fbsd@quip.cz> -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -if [ -r /etc/defaults/periodic.conf ]; then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -: ${security_status_baseaudit_enable:=YES} -: ${security_status_baseaudit_period:=daily} -: ${security_status_baseaudit_quiet:=NO} -: ${security_status_baseaudit_chroots=$pkg_chroots} -: ${security_status_baseaudit_jails=$pkg_jails} -: ${security_status_baseaudit_jails_ignore=""} -: ${security_status_baseaudit_expiry:=2} - -# Compute PKG_DBDIR from the config file. -pkgcmd=%%PREFIX%%/sbin/pkg -PKG_DBDIR=`${pkgcmd} config PKG_DBDIR` -auditfile="${PKG_DBDIR}/vuln.xml" - -audit_base() { - local pkgargs="$1" - local basedir="$2" - local rc - local then - local now - local usrlv - local krnlv - local strlen - local chrootv - local jailv - local jid - - ## get version from chroot - if [ -n "`echo "$pkgargs" | egrep '^-c'`" ]; then - if [ -x "$basedir/bin/freebsd-version" ]; then - chrootv=$($basedir/bin/freebsd-version -u) - ## safety check - strlen - strlen=$(echo "$chrootv" | wc -c) - if [ $strlen -gt 17 -o $strlen -lt 11 ]; then - echo "Wrong version string, cannot run audit" - return 3 - fi - usrlv=$(echo $chrootv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,') - else - echo "Cannot guess chroot version" - return 3 - fi - ## get version from jail - elif [ -n "`echo "$pkgargs" | egrep '^-j'`" ]; then - jid=$(echo "$pkgargs" | awk '$1 ~ /^-[j]/ { print $2 }') - jailv=$(jexec $jid freebsd-version -u) - ## safety check - strlen - strlen=$(echo "$jailv" | wc -c) - if [ $strlen -gt 17 -o $strlen -lt 11 ]; then - echo "Wrong version string, cannot run audit" - return 3 - fi - usrlv=$(echo $jailv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,') - ## get version from host - else - usrlv=$(freebsd-version -u | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,') - fi - - then=`stat -f '%m' "${basedir}${auditfile}" 2> /dev/null` || rc=3 - now=`date +%s` || rc=3 - ## Add 10 minutes of padding since the check is in seconds. - if [ $rc -ne 0 -o \ - $(( 86400 \* "${security_status_baseaudit_expiry}" )) \ - -le $(( ${now} - ${then} + 600 )) ]; then - ## When non-interactive, sleep to reduce congestion on mirrors - anticongestion - f="-F" - else - echo -n 'Database fetched: ' - date -r "${then}" || rc=3 - fi - - ## cannot check kernel in jail or chroot - if [ -z "`echo "$pkgargs" | egrep '^-[cj]'`" -a `sysctl -n security.jail.jailed` = 0 ]; then - krnlv=$(freebsd-version -k | sed 's,^,FreeBSD-kernel-,;s,-RELEASE-p,_,;s,-RELEASE$,,') - ${pkgcmd} audit $f $q $krnlv || { rc=$?; [ $rc -lt 3 ] && rc=3; } - fi - - ${pkgcmd} audit $f $q $usrlv || { rc=$?; [ $rc -lt 3 ] && rc=3; } - - return $rc -} - -# Use $pkg_chroots to provide a default list of chroots, and -# $pkg_jails to provide a default list of jails (or '*' for all jails) -# for all pkg periodic scripts, or set -# $security_status_baseaudit_chroots and -# $security_status_baseaudit_jails for this script only. - -audit_base_all() { - local rc - local last_rc - local jails - - # We always show audit results for the base system, but only print - # a banner line if we're also showing audit results for any - # chroots or jails. - - if [ -n "${security_status_baseaudit_chroots}" -o \ - -n "${security_status_baseaudit_jails}" ]; then - echo "Host system:" - fi - - audit_base '' '' - last_rc=$? - [ $last_rc -gt 1 ] && rc=$last_rc - - for c in $security_status_baseaudit_chroots ; do - echo - echo "chroot: $c" - audit_base "-c $c" $c - last_rc=$? - [ $last_rc -gt 1 ] && rc=$last_rc - done - - case $security_status_baseaudit_jails in - \*) - jails=$(jls -q -h name path | sed -e 1d -e 's/ /|/') - ;; - '') - jails= - ;; - *) - # Given the jail name or jid, find the jail path - jails= - for j in $security_status_baseaudit_jails ; do - p=$(jls -j $j -h name path | sed -e 1d -e 's/ /|/') - jails="${jails} ${p}" - done - ;; - esac - - for j in $jails ; do - # ignore some jails - if [ -n "$security_status_baseaudit_jails_ignore" ]; then - # we iterate to get exact matches because we want substring matches - # foo should not match foo.bar - for ignore in $security_status_baseaudit_jails_ignore ; do - if [ "${j%|*}" == "$ignore" ]; then - echo - echo "ignoring jail: ${j%|*}" - # continue with the main loop - continue 2 - fi - done - fi - echo - echo "jail: ${j%|*}" - audit_base "-j ${j%|*}" ${j##*|} - last_rc=$? - [ $last_rc -gt 1 ] && rc=$last_rc - done - - return $rc -} - -security_daily_compat_var security_status_baseaudit_enable -security_daily_compat_var security_status_baseaudit_quiet -security_daily_compat_var security_status_baseaudit_chroots -security_daily_compat_var security_status_baseaudit_jails -security_daily_compat_var security_status_baseaudit_exipiry - -rc=0 - -if check_yesno_period security_status_baseaudit_enable -then - echo - echo 'Checking for security vulnerabilities in base (userland & kernel):' - - if ! ${pkgcmd} -N >/dev/null 2>&1 ; then - echo 'pkg-audit is enabled but pkg is not used' - rc=2 - else - case "${security_status_baseaudit_quiet}" in - [Yy][Ee][Ss]) - q='-q' - ;; - *) - q= - ;; - esac - - audit_base_all ; rc=$? - fi -fi - -exit "$rc" diff --git a/security/base-audit/pkg-descr b/security/base-audit/pkg-descr deleted file mode 100644 index 11e8cb99a1aa..000000000000 --- a/security/base-audit/pkg-descr +++ /dev/null @@ -1,4 +0,0 @@ -Audit base system against known vulnerabilities and generate reports -including references to security advisories. -It uses pkg audit and Vuxml database as is used for packages but this script -checks base system. diff --git a/security/base-audit/pkg-message b/security/base-audit/pkg-message deleted file mode 100644 index bc13d51ef98f..000000000000 --- a/security/base-audit/pkg-message +++ /dev/null @@ -1,21 +0,0 @@ -[ -{ type: install - message: <<EOM -Add the following lines to /etc/periodic.conf(.local) to enable periodic check - security_status_baseaudit_enable="YES" - security_status_baseaudit_quiet="NO" - -Use pkg_chroots to provide a default list of chroots -and pkg_jails to provide a default list of jails (or '*' for all jails) -for all pkg periodic scripts, or set - security_status_baseaudit_chroots -and - security_status_baseaudit_jails -for this script only. - -You can also change following variables: - security_status_baseaudit_period="daily" - security_status_baseaudit_expiry="2" -EOM -} -]