From 4338b66e3df5add2adfeea5a72770965b8a808dd Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov <eugeni@mandriva.org>
Date: Fri, 2 Oct 2009 14:44:38 +0000
Subject: Added support for skipping checks when running on battery power.

---
 conf/level.secure         |  1 +
 conf/level.standard       |  1 +
 cron-sh/security.sh       | 10 ++++++++++
 src/msec/plugins/audit.py |  7 ++++++-
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/conf/level.secure b/conf/level.secure
index df4b152..bf021db 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -60,3 +60,4 @@ CHECK_PROMISC=yes
 ENABLE_STARTUP_MSEC=yes
 ENABLE_STARTUP_PERMS=yes
 ALLOW_CURDIR_IN_PATH=no
+CHECK_ON_BATTERY=no
diff --git a/conf/level.standard b/conf/level.standard
index ad56837..c34186c 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -60,3 +60,4 @@ CHECK_PROMISC=yes
 ENABLE_STARTUP_MSEC=yes
 ENABLE_STARTUP_PERMS=yes
 ALLOW_CURDIR_IN_PATH=no
+CHECK_ON_BATTERY=no
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index df3e9f5..32dac9c 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -16,6 +16,16 @@ if [[ ${CHECK_SECURITY} != yes ]]; then
     exit 0
 fi
 
+# are we running on battery power?
+if [[ ${CHECK_ON_BATTERY} == no ]]; then
+    grep 'charging state' /proc/acpi/battery/*/state 2>/dev/null | grep -q 'discharging'
+    ret=$?
+    if [[ $ret = 0 ]]; then
+        # skipping check as we are running on battery power
+        exit 0
+    fi
+fi
+
 . /usr/share/msec/functions.sh
 
 # variables
diff --git a/src/msec/plugins/audit.py b/src/msec/plugins/audit.py
index a345d52..94f79a9 100644
--- a/src/msec/plugins/audit.py
+++ b/src/msec/plugins/audit.py
@@ -58,13 +58,14 @@ class audit:
         config.SETTINGS['NOTIFY_WARN'] = ("audit.notify_warn", ['yes', 'no'])
         # security checks from audit plugins
         config.SETTINGS['CHECK_SECURITY'] = ("audit.check_security", ['yes', 'no'])
+        config.SETTINGS['CHECK_ON_BATTERY'] = ("audit.check_on_battery", ['yes', 'no'])
 
         # preparing msecgui menu
         for check in ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
                     "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL",
                     "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY",
                     "CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS",
-                    "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT"]:
+                    "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT", "CHECK_ON_BATTERY"]:
             config.SETTINGS_PERIODIC.append(check)
 
         # checks with exceptions
@@ -173,6 +174,10 @@ class audit:
         """Show security notifications in system tray using libnotify."""
         pass
 
+    def check_on_battery(self, param):
+        """Run security checks when machine is running on battery power."""
+        pass
+
     def check_promisc(self, param):
         '''  Activate ethernet cards promiscuity check.'''
         cron = self.configfiles.get_config_file(CRON)
-- 
cgit v1.2.1