From nobody@FreeBSD.org  Mon Jun 16 11:49:06 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 44B611065670
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Jun 2008 11:49:06 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 34B978FC2C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Jun 2008 11:49:06 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m5GBn6pH094595
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Jun 2008 11:49:06 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m5GBn5MT094593;
	Mon, 16 Jun 2008 11:49:05 GMT
	(envelope-from nobody)
Message-Id: <200806161149.m5GBn5MT094593@www.freebsd.org>
Date: Mon, 16 Jun 2008 11:49:05 GMT
From: Alex Kozlov <spam@rm-rf.kiev.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] new periodic script for checking for ports with mismatched checksums
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         124641
>Category:       conf
>Synopsis:       [patch] new periodic script for checking for ports with mismatched checksums
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gabor
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 16 11:50:01 UTC 2008
>Closed-Date:    Sat Nov 06 21:04:30 UTC 2010
>Last-Modified:  Sun Nov  7 12:00:20 UTC 2010
>Originator:     Alex Kozlov
>Release:        FreeBSD 6.3
>Organization:
private
>Environment:
>Description:
Add new periodic/security script for checking for ports with mismatched checksums
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	460.chkportsum
#
echo x - 460.chkportsum
sed 's/^X//' >460.chkportsum << 'END-of-460.chkportsum'
X#!/bin/sh
X
Xif [ -r /etc/defaults/periodic.conf ]
Xthen
X    . /etc/defaults/periodic.conf
X    source_periodic_confs
Xfi
X
X. /etc/periodic/security/security.functions
X
Xrc=0
X
Xecho ""
Xecho 'Checking for ports with mismatched checksums:'
X
Xcase "${daily_status_security_chkportsum_enable}" in
X	[Yy][Ee][Ss])
X	pkg_info -ga 2>/dev/null | \
X	while read one two three; do
X		case ${one} in
X			Information)
X			case ${two} in
X				  for) name=${three%%:} ;;
X					*) name='??' ;;
X			esac
X			;;
X			Mismatched|'') ;;
X			*)
X			if [ -n ${name} ]; then
X				echo ${name}: ${one}
X			fi
X			;;
X		esac
X	done
X	;;
X	*)
X	rc=0
X	;;
Xesac
X
Xexit $rc
END-of-460.chkportsum
exit



>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/124641: commit references a PR
Date: Mon, 19 Jul 2010 20:19:27 +0000 (UTC)

 Author: gabor
 Date: Mon Jul 19 20:19:14 2010
 New Revision: 210254
 URL: http://svn.freebsd.org/changeset/base/210254
 
 Log:
   - Add a periodic script, which can be used to find installed ports' files with
     mismatched checksum
   
   PR:		conf/124641
   Submitted by:	Alex Kozlov <spam@rm-rf.kiev.ua>
   Approved by:	delphij (mentor)
 
 Added:
   head/etc/periodic/security/460.chkportsum   (contents, props changed)
 Modified:
   head/etc/defaults/periodic.conf
   head/etc/periodic/security/Makefile
 
 Modified: head/etc/defaults/periodic.conf
 ==============================================================================
 --- head/etc/defaults/periodic.conf	Mon Jul 19 19:54:37 2010	(r210253)
 +++ head/etc/defaults/periodic.conf	Mon Jul 19 20:19:14 2010	(r210254)
 @@ -171,6 +171,9 @@ daily_status_security_passwdless_enable=
  # 410.logincheck
  daily_status_security_logincheck_enable="YES"
  
 +# 460.chkportsum
 +daily_status_security_chkportsum_enable="NO"	# Check ports w/ wrong checksum
 +
  # 500.ipfwdenied
  daily_status_security_ipfwdenied_enable="YES"
  
 
 Added: head/etc/periodic/security/460.chkportsum
 ==============================================================================
 --- /dev/null	00:00:00 1970	(empty, because file is newly added)
 +++ head/etc/periodic/security/460.chkportsum	Mon Jul 19 20:19:14 2010	(r210254)
 @@ -0,0 +1,68 @@
 +#!/bin/sh -
 +#
 +# Copyright (c) 2010  The FreeBSD Project
 +# All rights reserved.
 +#
 +# Redistribution and use in source and binary forms, with or without
 +# modification, are permitted provided that the following conditions
 +# are met:
 +# 1. Redistributions of source code must retain the above copyright
 +#    notice, this list of conditions and the following disclaimer.
 +# 2. Redistributions in binary form must reproduce the above copyright
 +#    notice, this list of conditions and the following disclaimer in the
 +#    documentation and/or other materials provided with the distribution.
 +#
 +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 +# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 +# SUCH DAMAGE.
 +#
 +# $FreeBSD$
 +#
 +
 +if [ -r /etc/defaults/periodic.conf ]
 +then
 +    . /etc/defaults/periodic.conf
 +    source_periodic_confs
 +fi
 +
 +. /etc/periodic/security/security.functions
 +
 +rc=0
 +
 +echo ""
 +echo 'Checking for ports with mismatched checksums:'
 +
 +case "${daily_status_security_chkportsum_enable}" in
 +	[Yy][Ee][Ss])
 +	pkg_info -ga 2>/dev/null | \
 +	while read one two three; do
 +		case ${one} in
 +			Information)
 +			case ${two} in
 +				  for) name=${three%%:} ;;
 +					*) name='??' ;;
 +			esac
 +			;;
 +			Mismatched|'') ;;
 +			*)
 +			if [ -n ${name} ]; then
 +				echo ${name}: ${one}
 +			fi
 +			;;
 +		esac
 +	done
 +	;;
 +	*)
 +	rc=0
 +	;;
 +esac
 +
 +exit $rc
 
 Modified: head/etc/periodic/security/Makefile
 ==============================================================================
 --- head/etc/periodic/security/Makefile	Mon Jul 19 19:54:37 2010	(r210253)
 +++ head/etc/periodic/security/Makefile	Mon Jul 19 20:19:14 2010	(r210254)
 @@ -7,6 +7,7 @@ FILES=	100.chksetuid \
  	300.chkuid0 \
  	400.passwdless \
  	410.logincheck \
 +	460.chkportsum \
  	700.kernelmsg \
  	800.loginfail \
  	900.tcpwrap \
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: gabor 
State-Changed-When: Mon Jul 19 20:22:47 UTC 2010 
State-Changed-Why:  
Committed to HEAD, thanks! 


Responsible-Changed-From-To: freebsd-bugs->gabor 
Responsible-Changed-By: gabor 
Responsible-Changed-When: Mon Jul 19 20:22:47 UTC 2010 
Responsible-Changed-Why:  
Committed to HEAD, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124641 
State-Changed-From-To: patched->closed 
State-Changed-By: gabor 
State-Changed-When: Sat Nov 6 21:04:16 UTC 2010 
State-Changed-Why:  
Merged to 8.X 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124641 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/124641: commit references a PR
Date: Sun,  7 Nov 2010 11:52:08 +0000 (UTC)

 Author: delphij
 Date: Sun Nov  7 11:51:57 2010
 New Revision: 214912
 URL: http://svn.freebsd.org/changeset/base/214912
 
 Log:
   Redo r214897:
   
   MFC r211141 (gabor)
   
   - Fixes to the chkportsum script to handle better some special cases,
     like spaces in filename
   
   Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua>
   
   MFC r210254 (gabor)
   
   - Add a periodic script, which can be used to find installed ports' files with
     mismatched checksum
   
   PR:             conf/124641
   Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua>
 
 Added:
   stable/8/etc/periodic/security/460.chkportsum
      - copied, changed from r210254, head/etc/periodic/security/460.chkportsum
 Modified:
   stable/8/etc/defaults/periodic.conf
   stable/8/etc/periodic/security/Makefile
 Directory Properties:
   stable/8/etc/periodic/security/   (props changed)
 
 Modified: stable/8/etc/defaults/periodic.conf
 ==============================================================================
 --- stable/8/etc/defaults/periodic.conf	Sun Nov  7 11:39:48 2010	(r214911)
 +++ stable/8/etc/defaults/periodic.conf	Sun Nov  7 11:51:57 2010	(r214912)
 @@ -171,6 +171,9 @@ daily_status_security_passwdless_enable=
  # 410.logincheck
  daily_status_security_logincheck_enable="YES"
  
 +# 460.chkportsum
 +daily_status_security_chkportsum_enable="NO"	# Check ports w/ wrong checksum
 +
  # 500.ipfwdenied
  daily_status_security_ipfwdenied_enable="YES"
  
 
 Copied and modified: stable/8/etc/periodic/security/460.chkportsum (from r210254, head/etc/periodic/security/460.chkportsum)
 ==============================================================================
 --- head/etc/periodic/security/460.chkportsum	Mon Jul 19 20:19:14 2010	(r210254, copy source)
 +++ stable/8/etc/periodic/security/460.chkportsum	Sun Nov  7 11:51:57 2010	(r214912)
 @@ -42,20 +42,20 @@ echo 'Checking for ports with mismatched
  
  case "${daily_status_security_chkportsum_enable}" in
  	[Yy][Ee][Ss])
 +	set -f
  	pkg_info -ga 2>/dev/null | \
 -	while read one two three; do
 -		case ${one} in
 +	while IFS= read -r line; do
 +		set -- $line
 +		case $1 in
  			Information)
 -			case ${two} in
 -				  for) name=${three%%:} ;;
 -					*) name='??' ;;
 +			case $2 in
 +				for) name="${3%%:}" ;;
 +				*) name='??' ;;
  			esac
  			;;
  			Mismatched|'') ;;
 -			*)
 -			if [ -n ${name} ]; then
 -				echo ${name}: ${one}
 -			fi
 +			*) [ -n "${name}" ] &&
 +				echo "${name}: ${line%% fails the original MD5 checksum}"
  			;;
  		esac
  	done
 
 Modified: stable/8/etc/periodic/security/Makefile
 ==============================================================================
 --- stable/8/etc/periodic/security/Makefile	Sun Nov  7 11:39:48 2010	(r214911)
 +++ stable/8/etc/periodic/security/Makefile	Sun Nov  7 11:51:57 2010	(r214912)
 @@ -7,6 +7,7 @@ FILES=	100.chksetuid \
  	300.chkuid0 \
  	400.passwdless \
  	410.logincheck \
 +	460.chkportsum \
  	700.kernelmsg \
  	800.loginfail \
  	900.tcpwrap \
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
