aboutsummaryrefslogtreecommitdiffstats
path: root/cron-sh/scripts
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:05 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:05 +0000
commit286e97c3d2c32711e76415d93791835b29f8ffca (patch)
tree4a7552e382eadae6f784e4ed807d7820e1f4d292 /cron-sh/scripts
parent9b6d6355a5520380e9e0625cefe55d63cbe98fc9 (diff)
downloadmsec-286e97c3d2c32711e76415d93791835b29f8ffca.tar
msec-286e97c3d2c32711e76415d93791835b29f8ffca.tar.gz
msec-286e97c3d2c32711e76415d93791835b29f8ffca.tar.bz2
msec-286e97c3d2c32711e76415d93791835b29f8ffca.tar.xz
msec-286e97c3d2c32711e76415d93791835b29f8ffca.zip
Added support for CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY.
Diffstat (limited to 'cron-sh/scripts')
-rwxr-xr-xcron-sh/scripts/03_rpm.sh40
1 files changed, 20 insertions, 20 deletions
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh
index 6bd4307..ae88542 100755
--- a/cron-sh/scripts/03_rpm.sh
+++ b/cron-sh/scripts/03_rpm.sh
@@ -37,19 +37,33 @@ fi
### rpm database check
-if [[ ${CHECK_RPM} == yes ]]; then
+# list of installed packages
+if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then
rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\n" | sort > ${RPM_QA_TODAY}
+ if [[ -f ${RPM_QA_YESTERDAY} ]]; then
+ diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
+ if [ -s ${RPM_QA_DIFF} ]; then
+ printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF}
+ grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Newly installed package : ${file}\n"
+ done >> ${DIFF}
+ grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- No longer present package : ${file}\n"
+ done >> ${DIFF}
+ fi
+ fi
+fi
+
+# integrity of installed packages
+if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then
rm -f ${RPM_VA_TODAY}.tmp
nice --adjustment=+19 rpm -Va --noscripts | grep '^..5' | sort > ${RPM_VA_TODAY}.tmp
grep -v '^..........c.' ${RPM_VA_TODAY}.tmp | sed 's/^............//' | sort > ${RPM_VA_TODAY}
grep '^..........c.' ${RPM_VA_TODAY}.tmp | sed 's/^............//' | sort > ${RPM_VA_CONFIG_TODAY}
rm -f ${RPM_VA_TODAY}.tmp
-fi
-
-### rpm database checks
-if [[ ${CHECK_RPM} == yes ]]; then
+ # full check
if [[ -s ${RPM_VA_TODAY} ]]; then
printf "\nSecurity Warning: These files belonging to packages are modified on the system :\n" >> ${SECURITY}
cat ${RPM_VA_TODAY} | while read f; do
@@ -63,22 +77,8 @@ if [[ ${CHECK_RPM} == yes ]]; then
printf "\t\t- $f\n"
done >> ${SECURITY}
fi
-fi
-### rpm database
-if [[ ${CHECK_RPM} == yes ]]; then
- if [[ -f ${RPM_QA_YESTERDAY} ]]; then
- diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
- if [ -s ${RPM_QA_DIFF} ]; then
- printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF}
- grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly installed package : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present package : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ # diff check
if [[ -f ${RPM_VA_YESTERDAY} ]]; then
diff -u ${RPM_VA_YESTERDAY} ${RPM_VA_TODAY} > ${RPM_VA_DIFF}
if [ -s ${RPM_VA_DIFF} ]; then