From olli@secnetix.de  Thu Jun 21 14:56:48 2007
Return-Path: <olli@secnetix.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DFE6816A400
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 21 Jun 2007 14:56:48 +0000 (UTC)
	(envelope-from olli@secnetix.de)
Received: from pluto.secnetix.de (pluto.secnetix.de [88.198.44.136])
	by mx1.freebsd.org (Postfix) with ESMTP id 5E50213C45A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 21 Jun 2007 14:56:48 +0000 (UTC)
	(envelope-from olli@secnetix.de)
Received: from pluto.secnetix.de (localhost.secnetix.de [127.0.0.1])
	by pluto.secnetix.de (8.14.1/8.14.1) with ESMTP id l5LEcHVS002994;
	Thu, 21 Jun 2007 16:38:22 +0200 (CEST)
	(envelope-from olli@pluto.secnetix.de)
Received: (from olli@localhost)
	by pluto.secnetix.de (8.14.1/8.14.1/Submit) id l5LEcHrT002993;
	Thu, 21 Jun 2007 16:38:17 +0200 (CEST)
	(envelope-from olli)
Message-Id: <200706211438.l5LEcHrT002993@pluto.secnetix.de>
Date: Thu, 21 Jun 2007 16:38:17 +0200 (CEST)
From: Oliver Fromme <olli@secnetix.de>
Reply-To: Oliver Fromme <olli@secnetix.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Oliver Fromme <olli@secnetix.de>
Subject: New file: /etc/periodic/daily/490.status-pkg-changes
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         113913
>Category:       conf
>Synopsis:       [patch] [requst] new file /etc/periodic/daily/490.status-pkg-changes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    olli
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 21 15:00:10 GMT 2007
>Closed-Date:    Mon Nov 05 11:35:02 UTC 2012
>Last-Modified:  Mon Nov 05 11:35:02 UTC 2012
>Originator:     Oliver Fromme
>Release:        FreeBSD 6.2-STABLE-20070615 i386
>Organization:
secnetix GmbH & Co. KG
		http://www.secnetix.de/bsd
>Environment:

FreeBSD RELENG_6 and HEAD (7-current)

>Description:

The script below adds a new status report to the daily
periodic output:  A paragraph that lists packages that
have been added, updated or deleted in the past 24 hours.

That information is particularly useful on servers that
are maintained by multiple administrators.  When someone
adds, updates or deletes a package, the others will see
it in the daily periodic output.

Such a paragraph looks like this (example):

Changes in installed packages:
-gawk-3.1.1_1        The GNU version of Awk
+gawk-3.1.5          The GNU version of Awk
-ispell-3.2.06_17    An interactive spelling checker for multiple languages
-w3m-0.5.1_6         A pager/text-based WWW browser
+w3m-0.5.2           A pager/text-based WWW browser
+zsh-4.3.2_1         The Z shell

Of course, if there are no changes, nothing is displayed
at all.  The format is intentionally simple and compact.

>How-To-Repeat:

Save the script below as /etc/periodic/daily/490.status-pkg-changes
and add this line to /etc/periodic.conf:
daily_status_pkg_changes_enable="YES"

Suggested default entry for /etc/defaults/periodic.conf:
# 490.status-pkg-changes
daily_status_pkg_changes_enable="NO"      # Show package changes

>Fix:

#!/bin/sh -
# Show which packages have been added, updated or deleted.

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

case "$daily_status_pkg_changes_enable" in
    [Yy][Ee][Ss])
	if [ ! -f /usr/sbin/pkg_info ]; then
	    echo '$daily_status_pkg_changes_enable is enabled but' \
		 "/usr/sbin/pkg_info doesn't exist"
	    rc=2
	else
	    bak=/var/backups
	    rc=0

	    if [ -f $bak/pkg_info.bak ]; then
	    	mv -f $bak/pkg_info.bak $bak/pkg_info.bak2
	    fi
	    /usr/sbin/pkg_info > $bak/pkg_info.bak

	    if ! cmp -sz $bak/pkg_info.bak $bak/pkg_info.bak2; then
		echo ""
		echo "Changes in installed packages:"
		diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \
		| grep '^[-+][^-+]' | sort -k 1.2
	    fi
	fi
	;;

    *)
	rc=0
	;;
esac

exit $rc
>Release-Note:
>Audit-Trail:

From: Oliver Fromme <olli@secnetix.de>
To: bug-followup@FreeBSD.org, olli@secnetix.de
Cc:  
Subject: Re: conf/113913: [patch] New file: /etc/periodic/daily/490.status-pkg-changes
Date: Tue, 4 Sep 2007 12:13:17 +0200 (CEST)

 Just in case the script cannot be extracted from the PR
 easily, I have saved a copy at the following URL:
 
 http://www.secnetix.de/~olli/tmp/490.status-pkg-changes
 
 With the proper defaults entry as suggested above in the
 PR, the whole script is disabled by default, so there is
 zero risk comitting this.  ;-)
 
 Best regards
 Oliver
 
 PS:  I'm using this script on a lot of machines for more
 than a year, and it has been proven to be very valuable!
 

From: Christopher Cowart <ccowart@rescomp.berkeley.edu>
To: bug-followup@FreeBSD.org, olli@secnetix.de
Cc:  
Subject: Re: conf/113913: [patch] [requst] new file
	/etc/periodic/daily/490.status-pkg-changes
Date: Wed, 9 Apr 2008 10:53:11 -0700

 --EeQfGwPcQSOJBaQU
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Hello,
 
 I'm also interested in seeing a daily report of changes in installed
 packages. We see this as a security feature. The following is a more
 concise implementation using the security functions framework. We're
 maintaining it with our internal package management in
 /usr/local/etc/periodic/security, but would love to see it make its way
 into /etc/periodic/security.
 
 300.pkginfo:
 
 : #!/bin/sh -f
 :=20
 : # If there is a global system configuration file, suck it in.
 : if [ -r /etc/defaults/periodic.conf ]; then
 :     . /etc/defaults/periodic.conf
 :     source_periodic_confs
 : fi
 :=20
 : . /etc/periodic/security/security.functions
 :=20
 : rc=3D0
 : case "${daily_status_security_pkginfo_enable:-YES}" in
 : 	[Nn][Oo])
 : 		;;
 : 	*)
 :         pkg_info | check_diff pkginfo - \
 :             "${host} changes in installed packages:"
 : 		;;
 : esac
 :=20
 : exit "$rc"
 
 --=20
 Chris Cowart
 Network Technical Lead
 Network & Infrastructure Services, RSSP-IT
 UC Berkeley
 
 --EeQfGwPcQSOJBaQU
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.4 (FreeBSD)
 
 iQIVAwUBR/0ChyPHEDszU3zYAQLhChAAq+3sw7SW65NhlU1ioBBYWtFpZfXjEEcW
 dwqKdfv8qFibdFFOAc+ugHE3vjXzB0tpO5+0OzX1CrO9tI0yHAyF88G2/T18ELWx
 GsudVmrFjW1xqgw/P8SIT8wh/XpttvC3/V7H9F3FIm0bZbegQvm9UNvy2mfFPOb2
 ffPrf0nCYpk3FI0Z7IakkpIosvmGx0qENG3dxgFqm4Gr4VPrajOsDaaZCqhGkqqa
 c2crTOxvPhXW1TLx96Kj/q9TxpzkhJhpePaP7pZ3LNL59DrAfJ6m5u78bfqjm0JE
 pp6ahzUr+WS9Lhu4/RvEO0v68dlM2FX8reEKqFKUnp+IIZPYYmkd5IorFP7EbUAh
 PK1PwWPJPl2+CzcawnMBTTLe13L8lpQHj2IqGCbZwr+FWj7qEr3erksCM9GfLALS
 euMoDY4I9R8v5mzrAPICQf5H7NnEOGlkiRHPjAjJff6rT6iciktBlQd6uMq/E+Ff
 YXuBD9JWr+w18ZADFXIKHNExiI4FMPoaTwMeZLGHmfOqIDnekQUZS2KUy1jiq4DS
 2doVsx3QgVsMaJLULeMn/4/gMDvNLk0gGGfWkeHTnBZXAVQbMtrldaUrTrdQGpbz
 qvrU0P1ECTqY6BaMBsgJJzg7Wmzupo9pW9ZAlWAlLJGiZ+cvynLMIoGVyhXJ2zz9
 zt74F0ZOtOQ=
 =Vs5H
 -----END PGP SIGNATURE-----
 
 --EeQfGwPcQSOJBaQU--

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/113913: commit references a PR
Date: Thu,  5 Aug 2010 15:53:48 +0000 (UTC)

 Author: olli
 Date: Thu Aug  5 15:53:33 2010
 New Revision: 210863
 URL: http://svn.freebsd.org/changeset/base/210863
 
 Log:
   Add a daily script to the periodic framework that reports
   changes to the package database, i.e. any packages that
   have been added, updated or deleted in the past 24 hours.
   The format is intentionally simple and concise.
   
   That information is particularly useful on servers that
   are maintained by multiple administrators.  When someone
   adds, updates or deletes a package, the others will see
   it in the daily periodic output.
   
   This script is disabled by default.
   
   PR:		conf/113913
   Submitted by:	olli
   Approved by:	des (mentor)
   MFC after:	3 weeks
 
 Added:
   head/etc/periodic/daily/490.status-pkg-changes   (contents, props changed)
 Modified:
   head/etc/defaults/periodic.conf
 
 Modified: head/etc/defaults/periodic.conf
 ==============================================================================
 --- head/etc/defaults/periodic.conf	Thu Aug  5 15:11:03 2010	(r210862)
 +++ head/etc/defaults/periodic.conf	Thu Aug  5 15:53:33 2010	(r210863)
 @@ -136,6 +136,9 @@ daily_status_named_usedns="YES"				# DNS
  # 480.status-ntpd
  daily_status_ntpd_enable="NO"				# Check NTP status
  
 +# 490.status-pkg-changes
 +daily_status_pkg_changes_enable="NO"			# Show package changes
 +
  # 500.queuerun
  daily_queuerun_enable="YES"				# Run mail queue
  daily_submit_queuerun="YES"				# Also submit queue
 
 Added: head/etc/periodic/daily/490.status-pkg-changes
 ==============================================================================
 --- /dev/null	00:00:00 1970	(empty, because file is newly added)
 +++ head/etc/periodic/daily/490.status-pkg-changes	Thu Aug  5 15:53:33 2010	(r210863)
 @@ -0,0 +1,43 @@
 +#!/bin/sh
 +#
 +# $FreeBSD$
 +#
 +
 +# If there is a global system configuration file, suck it in.
 +#
 +if [ -r /etc/defaults/periodic.conf ]; then
 +    . /etc/defaults/periodic.conf
 +    source_periodic_confs
 +fi
 +
 +case "$daily_status_pkg_changes_enable" in
 +    [Yy][Ee][Ss])
 +	if [ ! -f /usr/sbin/pkg_info ]; then
 +	    echo '$daily_status_pkg_changes_enable is enabled but' \
 +		 "/usr/sbin/pkg_info doesn't exist"
 +	    rc=2
 +	else
 +	    bak=/var/backups
 +	    rc=0
 +
 +	    if [ -f $bak/pkg_info.bak ]; then
 +	    	mv -f $bak/pkg_info.bak $bak/pkg_info.bak2
 +	    fi
 +	    /usr/sbin/pkg_info > $bak/pkg_info.bak
 +
 +	    cmp -sz $bak/pkg_info.bak $bak/pkg_info.bak2
 +	    if [ $? -eq 1 ]; then
 +		echo ""
 +		echo "Changes in installed packages:"
 +		diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \
 +		| grep '^[-+][^-+]' | sort -k 1.2
 +	    fi
 +	fi
 +	;;
 +
 +    *)
 +	rc=0
 +	;;
 +esac
 +
 +exit $rc
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: olli 
State-Changed-When: Thu Aug 5 16:07:40 UTC 2010 
State-Changed-Why:  
Script added in head, r210863. 


Responsible-Changed-From-To: freebsd-bugs->olli 
Responsible-Changed-By: olli 
Responsible-Changed-When: Thu Aug 5 16:07:40 UTC 2010 
Responsible-Changed-Why:  
Script added in head, r210863. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113913 
State-Changed-From-To: patched->closed 
State-Changed-By: olli 
State-Changed-When: Mon Nov 5 11:35:01 UTC 2012 
State-Changed-Why:  
Feature was committed and is available in stable (9) and head (10). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113913 
>Unformatted:
