author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-26 19:20:05 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-26 19:20:05 +0000 |
commit | 286e97c3d2c32711e76415d93791835b29f8ffca (patch) | |
tree | 4a7552e382eadae6f784e4ed807d7820e1f4d292 /cron-sh/scripts | |
parent | 9b6d6355a5520380e9e0625cefe55d63cbe98fc9 (diff) | |
Added support for CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY.
Diffstat (limited to 'cron-sh/scripts')
-rwxr-xr-x | cron-sh/scripts/03_rpm.sh | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh index 6bd4307..ae88542 100755 --- a/cron-sh/scripts/03_rpm.sh +++ b/cron-sh/scripts/03_rpm.sh @@ -37,19 +37,33 @@ fi ### rpm database check -if [[ ${CHECK_RPM} == yes ]]; then +# list of installed packages +if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\n" | sort > ${RPM_QA_TODAY} + if [[ -f ${RPM_QA_YESTERDAY} ]]; then + diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF} + if [ -s ${RPM_QA_DIFF} ]; then + printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF} + grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do + printf "\t\t- Newly installed package : ${file}\n" + done >> ${DIFF} + grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do + printf "\t\t- No longer present package : ${file}\n" + done >> ${DIFF} + fi + fi +fi + +# integrity of installed packages +if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then rm -f ${RPM_VA_TODAY}.tmp nice --adjustment=+19 rpm -Va --noscripts | grep '^..5' | sort > ${RPM_VA_TODAY}.tmp grep -v '^..........c.' ${RPM_VA_TODAY}.tmp | sed 's/^............//' | sort > ${RPM_VA_TODAY} grep '^..........c.' ${RPM_VA_TODAY}.tmp | sed 's/^............//' | sort > ${RPM_VA_CONFIG_TODAY} rm -f ${RPM_VA_TODAY}.tmp -fi - -### rpm database checks -if [[ ${CHECK_RPM} == yes ]]; then + # full check if [[ -s ${RPM_VA_TODAY} ]]; then printf "\nSecurity Warning: These files belonging to packages are modified on the system :\n" >> ${SECURITY} cat ${RPM_VA_TODAY} | while read f; do 
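Review bot: The two package-list loops in the new `CHECK_RPM_PACKAGES` block put the package string into the printf format (`printf "\t\t- Newly installed package : ${file}\n"`), and the `sed -e 's/%/%%/g'` stage only neutralises `%`, so backslash sequences in an entry are still interpreted when the report is written. Since these strings come from package metadata in the rpm database, it would be safer to read with `while read -r file` and print with `printf '\t\t- Newly installed package : %s\n' "${file}"` (likewise for the "No longer present package" line), with the `sed -e 's/%/%%/g'` stage dropped. Separately, nothing in this hunk reads the old `CHECK_RPM` any more, so unless the setting is migrated elsewhere in the commit (not visible here), a configuration that still sets only `CHECK_RPM=yes` would skip both checks silently. The `CHECK_RPM_INTEGRITY` block continues past the end of this hunk.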
@@ -63,22 +77,8 @@ if [[ ${CHECK_RPM} == yes ]]; then printf "\t\t- $f\n" done >> ${SECURITY} fi -fi -### rpm database -if [[ ${CHECK_RPM} == yes ]]; then - if [[ -f ${RPM_QA_YESTERDAY} ]]; then - diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF} - if [ -s ${RPM_QA_DIFF} ]; then - printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF} - grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly installed package : ${file}\n" - done >> ${DIFF} - grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present package : ${file}\n" - done >> ${DIFF} - fi - fi + # diff check if [[ -f ${RPM_VA_YESTERDAY} ]]; then diff -u ${RPM_VA_YESTERDAY} ${RPM_VA_TODAY} > ${RPM_VA_DIFF} if [ -s ${RPM_VA_DIFF} ]; then |