svn commit: r214912 - in stable/8/etc: defaults periodic/security

[Xin LI]

Author: delphij
Date: Sun Nov  7 11:51:57 2010
New Revision: 214912
URL: http://svn.freebsd.org/changeset/base/214912

Log:
  Redo r214897:
  
  MFC r211141 (gabor)
  
  - Fixes to the chkportsum script to handle better some special cases,
    like spaces in filename
  
  Submitted by:   Alex Kozlov <spam at rm-rf.kiev.ua>
  
  MFC r210254 (gabor)
  
  - Add a periodic script, which can be used to find installed ports' files with
    mismatched checksum
  
  PR:             conf/124641
  Submitted by:   Alex Kozlov <spam at rm-rf.kiev.ua>

Added:
  stable/8/etc/periodic/security/460.chkportsum
     - copied, changed from r210254, head/etc/periodic/security/460.chkportsum
Modified:
  stable/8/etc/defaults/periodic.conf
  stable/8/etc/periodic/security/Makefile
Directory Properties:
  stable/8/etc/periodic/security/   (props changed)

Modified: stable/8/etc/defaults/periodic.conf
==============================================================================
--- stable/8/etc/defaults/periodic.conf	Sun Nov  7 11:39:48 2010	(r214911)
+++ stable/8/etc/defaults/periodic.conf	Sun Nov  7 11:51:57 2010	(r214912)
@@ -171,6 +171,9 @@ daily_status_security_passwdless_enable=
 # 410.logincheck
 daily_status_security_logincheck_enable="YES"
 
+# 460.chkportsum
+daily_status_security_chkportsum_enable="NO"	# Check ports w/ wrong checksum
+
 # 500.ipfwdenied
 daily_status_security_ipfwdenied_enable="YES"
 

Copied and modified: stable/8/etc/periodic/security/460.chkportsum (from r210254, head/etc/periodic/security/460.chkportsum)
==============================================================================
--- head/etc/periodic/security/460.chkportsum	Mon Jul 19 20:19:14 2010	(r210254, copy source)
+++ stable/8/etc/periodic/security/460.chkportsum	Sun Nov  7 11:51:57 2010	(r214912)
@@ -42,20 +42,20 @@ echo 'Checking for ports with mismatched
 
 case "${daily_status_security_chkportsum_enable}" in
 	[Yy][Ee][Ss])
+	set -f
 	pkg_info -ga 2>/dev/null | \
-	while read one two three; do
-		case ${one} in
+	while IFS= read -r line; do
+		set -- $line
+		case $1 in
 			Information)
-			case ${two} in
-				  for) name=${three%%:} ;;
-					*) name='??' ;;
+			case $2 in
+				for) name="${3%%:}" ;;
+				*) name='??' ;;
 			esac
 			;;
 			Mismatched|'') ;;
-			*)
-			if [ -n ${name} ]; then
-				echo ${name}: ${one}
-			fi
+			*) [ -n "${name}" ] &&
+				echo "${name}: ${line%% fails the original MD5 checksum}"
 			;;
 		esac
 	done

Modified: stable/8/etc/periodic/security/Makefile
==============================================================================
--- stable/8/etc/periodic/security/Makefile	Sun Nov  7 11:39:48 2010	(r214911)
+++ stable/8/etc/periodic/security/Makefile	Sun Nov  7 11:51:57 2010	(r214912)
@@ -7,6 +7,7 @@ FILES=	100.chksetuid \
 	300.chkuid0 \
 	400.passwdless \
 	410.logincheck \
+	460.chkportsum \
 	700.kernelmsg \
 	800.loginfail \
 	900.tcpwrap \