git: ad528e1c8370 - main - security/base-audit: Remove port
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Jul 2022 16:12:52 UTC
The branch main has been updated by yasu:
URL: https://cgit.FreeBSD.org/ports/commit/?id=ad528e1c8370284c561f4b4800337735c02b0440
commit ad528e1c8370284c561f4b4800337735c02b0440
Author: Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2022-07-18 16:09:03 +0000
Commit: Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2022-07-18 16:09:03 +0000
security/base-audit: Remove port
* Remove port as 405.pkg-base-audit, core file of the port, is merged
into ports-mgmt/pkg with pkg 1.18.1.
* Add entry to MOVED
PR: 264878
Approved by: maintainer
---
MOVED | 1 +
security/Makefile | 1 -
security/base-audit/Makefile | 31 ----
security/base-audit/files/405.pkg-base-audit.in | 223 ------------------------
security/base-audit/pkg-descr | 4 -
security/base-audit/pkg-message | 21 ---
6 files changed, 1 insertion(+), 280 deletions(-)
diff --git a/MOVED b/MOVED
index e28e12e763e3..1e0a14611d22 100644
--- a/MOVED
+++ b/MOVED
@@ -17507,3 +17507,4 @@ www/rubygem-uglifier-node16|www/rubygem-uglifier|2022-07-13|Remove obsoleted por
audio/espeak|audio/espeak-ng|2022-07-15|Switch to fork of (stale) original repository
misc/ngraph||2022-07-15|Software is discontinued because its developer Nervana Systems is defunct
math/hipmcl||2022-07-16|Discontinued: old versions aren't compatible with new combblas-2.0, latest versions require CUDA that is not available on FreeBSD
+security/base-audit|ports-mgmt/pkg|2022-07-17|Merged into ports-mgmt/pkg
diff --git a/security/Makefile b/security/Makefile
index b2a3cf41dda3..5c0317e122fd 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -40,7 +40,6 @@
SUBDIR += aws-vault
SUBDIR += barnyard2
SUBDIR += barnyard2-sguil
- SUBDIR += base-audit
SUBDIR += bastillion
SUBDIR += bcrypt
SUBDIR += bcwipe
diff --git a/security/base-audit/Makefile b/security/base-audit/Makefile
deleted file mode 100644
index f6233a937f9e..000000000000
--- a/security/base-audit/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-# Created by: Miroslav Lachman
-
-PORTNAME= base-audit
-PORTVERSION= 0.5
-CATEGORIES= security
-MASTER_SITES= # none
-DISTFILES= # none
-
-MAINTAINER= 000.fbsd@quip.cz
-COMMENT= Daily periodic check of vulnerabilities in base system
-
-LICENSE= BSD3CLAUSE
-
-RUN_DEPENDS= ${LOCALBASE}/sbin/pkg:${PKG_ORIGIN}
-
-NO_ARCH= yes
-NO_BUILD= yes
-NO_INSTALL= yes
-
-SUB_FILES= 405.pkg-base-audit
-
-PERIODIC_SECURITY= etc/periodic/security
-
-PLIST_FILES= ${PERIODIC_SECURITY}/405.pkg-base-audit
-
-do-install:
- @${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY}
- ${INSTALL_SCRIPT} ${WRKDIR}/405.pkg-base-audit \
- ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY}
-
-.include <bsd.port.mk>
diff --git a/security/base-audit/files/405.pkg-base-audit.in b/security/base-audit/files/405.pkg-base-audit.in
deleted file mode 100755
index f607a5929fc7..000000000000
--- a/security/base-audit/files/405.pkg-base-audit.in
+++ /dev/null
@@ -1,223 +0,0 @@
-#!/bin/sh -f
-#
-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-# Copyright (c) 2014 Matthew Seaman <matthew@FreeBSD.org>
-# Copyright (c) 2016 Miroslav Lachman <000.fbsd@quip.cz>
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions of source code must retain the above copyright notice
-# this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its contributors may be
-# used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-if [ -r /etc/defaults/periodic.conf ]; then
- . /etc/defaults/periodic.conf
- source_periodic_confs
-fi
-
-: ${security_status_baseaudit_enable:=YES}
-: ${security_status_baseaudit_period:=daily}
-: ${security_status_baseaudit_quiet:=NO}
-: ${security_status_baseaudit_chroots=$pkg_chroots}
-: ${security_status_baseaudit_jails=$pkg_jails}
-: ${security_status_baseaudit_jails_ignore=""}
-: ${security_status_baseaudit_expiry:=2}
-
-# Compute PKG_DBDIR from the config file.
-pkgcmd=%%PREFIX%%/sbin/pkg
-PKG_DBDIR=`${pkgcmd} config PKG_DBDIR`
-auditfile="${PKG_DBDIR}/vuln.xml"
-
-audit_base() {
- local pkgargs="$1"
- local basedir="$2"
- local rc
- local then
- local now
- local usrlv
- local krnlv
- local strlen
- local chrootv
- local jailv
- local jid
-
- ## get version from chroot
- if [ -n "`echo "$pkgargs" | egrep '^-c'`" ]; then
- if [ -x "$basedir/bin/freebsd-version" ]; then
- chrootv=$($basedir/bin/freebsd-version -u)
- ## safety check - strlen
- strlen=$(echo "$chrootv" | wc -c)
- if [ $strlen -gt 17 -o $strlen -lt 11 ]; then
- echo "Wrong version string, cannot run audit"
- return 3
- fi
- usrlv=$(echo $chrootv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
- else
- echo "Cannot guess chroot version"
- return 3
- fi
- ## get version from jail
- elif [ -n "`echo "$pkgargs" | egrep '^-j'`" ]; then
- jid=$(echo "$pkgargs" | awk '$1 ~ /^-[j]/ { print $2 }')
- jailv=$(jexec $jid freebsd-version -u)
- ## safety check - strlen
- strlen=$(echo "$jailv" | wc -c)
- if [ $strlen -gt 17 -o $strlen -lt 11 ]; then
- echo "Wrong version string, cannot run audit"
- return 3
- fi
- usrlv=$(echo $jailv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
- ## get version from host
- else
- usrlv=$(freebsd-version -u | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
- fi
-
- then=`stat -f '%m' "${basedir}${auditfile}" 2> /dev/null` || rc=3
- now=`date +%s` || rc=3
- ## Add 10 minutes of padding since the check is in seconds.
- if [ $rc -ne 0 -o \
- $(( 86400 \* "${security_status_baseaudit_expiry}" )) \
- -le $(( ${now} - ${then} + 600 )) ]; then
- ## When non-interactive, sleep to reduce congestion on mirrors
- anticongestion
- f="-F"
- else
- echo -n 'Database fetched: '
- date -r "${then}" || rc=3
- fi
-
- ## cannot check kernel in jail or chroot
- if [ -z "`echo "$pkgargs" | egrep '^-[cj]'`" -a `sysctl -n security.jail.jailed` = 0 ]; then
- krnlv=$(freebsd-version -k | sed 's,^,FreeBSD-kernel-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
- ${pkgcmd} audit $f $q $krnlv || { rc=$?; [ $rc -lt 3 ] && rc=3; }
- fi
-
- ${pkgcmd} audit $f $q $usrlv || { rc=$?; [ $rc -lt 3 ] && rc=3; }
-
- return $rc
-}
-
-# Use $pkg_chroots to provide a default list of chroots, and
-# $pkg_jails to provide a default list of jails (or '*' for all jails)
-# for all pkg periodic scripts, or set
-# $security_status_baseaudit_chroots and
-# $security_status_baseaudit_jails for this script only.
-
-audit_base_all() {
- local rc
- local last_rc
- local jails
-
- # We always show audit results for the base system, but only print
- # a banner line if we're also showing audit results for any
- # chroots or jails.
-
- if [ -n "${security_status_baseaudit_chroots}" -o \
- -n "${security_status_baseaudit_jails}" ]; then
- echo "Host system:"
- fi
-
- audit_base '' ''
- last_rc=$?
- [ $last_rc -gt 1 ] && rc=$last_rc
-
- for c in $security_status_baseaudit_chroots ; do
- echo
- echo "chroot: $c"
- audit_base "-c $c" $c
- last_rc=$?
- [ $last_rc -gt 1 ] && rc=$last_rc
- done
-
- case $security_status_baseaudit_jails in
- \*)
- jails=$(jls -q -h name path | sed -e 1d -e 's/ /|/')
- ;;
- '')
- jails=
- ;;
- *)
- # Given the jail name or jid, find the jail path
- jails=
- for j in $security_status_baseaudit_jails ; do
- p=$(jls -j $j -h name path | sed -e 1d -e 's/ /|/')
- jails="${jails} ${p}"
- done
- ;;
- esac
-
- for j in $jails ; do
- # ignore some jails
- if [ -n "$security_status_baseaudit_jails_ignore" ]; then
- # we iterate to get exact matches because we want substring matches
- # foo should not match foo.bar
- for ignore in $security_status_baseaudit_jails_ignore ; do
- if [ "${j%|*}" == "$ignore" ]; then
- echo
- echo "ignoring jail: ${j%|*}"
- # continue with the main loop
- continue 2
- fi
- done
- fi
- echo
- echo "jail: ${j%|*}"
- audit_base "-j ${j%|*}" ${j##*|}
- last_rc=$?
- [ $last_rc -gt 1 ] && rc=$last_rc
- done
-
- return $rc
-}
-
-security_daily_compat_var security_status_baseaudit_enable
-security_daily_compat_var security_status_baseaudit_quiet
-security_daily_compat_var security_status_baseaudit_chroots
-security_daily_compat_var security_status_baseaudit_jails
-security_daily_compat_var security_status_baseaudit_exipiry
-
-rc=0
-
-if check_yesno_period security_status_baseaudit_enable
-then
- echo
- echo 'Checking for security vulnerabilities in base (userland & kernel):'
-
- if ! ${pkgcmd} -N >/dev/null 2>&1 ; then
- echo 'pkg-audit is enabled but pkg is not used'
- rc=2
- else
- case "${security_status_baseaudit_quiet}" in
- [Yy][Ee][Ss])
- q='-q'
- ;;
- *)
- q=
- ;;
- esac
-
- audit_base_all ; rc=$?
- fi
-fi
-
-exit "$rc"
diff --git a/security/base-audit/pkg-descr b/security/base-audit/pkg-descr
deleted file mode 100644
index 11e8cb99a1aa..000000000000
--- a/security/base-audit/pkg-descr
+++ /dev/null
@@ -1,4 +0,0 @@
-Audit base system against known vulnerabilities and generate reports
-including references to security advisories.
-It uses pkg audit and Vuxml database as is used for packages but this script
-checks base system.
diff --git a/security/base-audit/pkg-message b/security/base-audit/pkg-message
deleted file mode 100644
index bc13d51ef98f..000000000000
--- a/security/base-audit/pkg-message
+++ /dev/null
@@ -1,21 +0,0 @@
-[
-{ type: install
- message: <<EOM
-Add the following lines to /etc/periodic.conf(.local) to enable periodic check
- security_status_baseaudit_enable="YES"
- security_status_baseaudit_quiet="NO"
-
-Use pkg_chroots to provide a default list of chroots
-and pkg_jails to provide a default list of jails (or '*' for all jails)
-for all pkg periodic scripts, or set
- security_status_baseaudit_chroots
-and
- security_status_baseaudit_jails
-for this script only.
-
-You can also change following variables:
- security_status_baseaudit_period="daily"
- security_status_baseaudit_expiry="2"
-EOM
-}
-]