From 35aaa30c2a0ca81c6a9d55d4c1c1cb53d5228371 Mon Sep 17 00:00:00 2001 From: Eugeni Dodonov Date: Mon, 8 Feb 2010 14:07:10 +0000 Subject: fixing check periodicity on upgrade --- init-sh/upgrade.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'init-sh') diff --git a/init-sh/upgrade.sh b/init-sh/upgrade.sh index 065174d..ceacb24 100755 --- a/init-sh/upgrade.sh +++ b/init-sh/upgrade.sh @@ -87,10 +87,18 @@ if [ -f /etc/security/msec/security.conf ]; then /etc/security/msec/security.conf # CHECK_RPM split into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY sed -i -e 's/CHECK_RPM=\(.*\)/CHECK_RPM_PACKAGES=\1\nCHECK_RPM_INTEGRITY=\1/g' /etc/security/msec/security.conf - # starting with 2010.1, each check can have a different periodicity + # starting with 2010.1, each periodic check can have a different periodicity # therefore, for the enabled tests we define their periodicity to 'daily' # to have the same behavior as on previous versions - sed -i -e 's/\(CHECK_.*\)=yes/\1=daily/g' /etc/security/msec/security.conf + CHECK_STRING="" + for z in PERMS USER_FILES SUID_ROOT SUID_MD5 SGID WRITABLE UNOWNED PROMISC OPEN_PORT FIREWALL PASSWD SHADOW CHKROOTKIT RPM_PACKAGES RPM_INTEGRITY SHOSTS USERS GROUPS; do + if [ -z "$CHECK_STRING" ]; then + CHECK_STRING=$z + else + CHECK_STRING="$CHECK_STRING\|$z" + fi + done + sed -i -e "s/\(CHECK_\($CHECK_STRING\)\)=yes/\1=daily/g" /etc/security/msec/security.conf # removing duplicated entries TEMPFILE=`mktemp /etc/security/msec/upgrade.XXXXXX` cat /etc/security/msec/security.conf | sort | uniq > $TEMPFILE 2>/dev/null && mv -f $TEMPFILE /etc/security/msec/security.conf -- cgit v1.2.1