Hello community,
here is the log from the commit of package seccheck for openSUSE:Factory checked in at 2015-02-05 11:00:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/seccheck (Old)
and /work/SRC/openSUSE:Factory/.seccheck.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "seccheck"
Changes:
--------
--- /work/SRC/openSUSE:Factory/seccheck/seccheck.changes 2014-12-19 09:37:31.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.seccheck.new/seccheck.changes 2015-02-05 11:00:10.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Feb 3 15:41:45 UTC 2015 - vpereira@novell.com
+
+- bnc#914656: fixed function guessable_password_email definition
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ seccheck.spec ++++++
--- /var/tmp/diff_new_pack.peNicx/_old 2015-02-05 11:00:11.000000000 +0100
+++ /var/tmp/diff_new_pack.peNicx/_new 2015-02-05 11:00:11.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package seccheck
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
++++++ seccheck-3.0-fix-bashisms.patch ++++++
--- /var/tmp/diff_new_pack.peNicx/_old 2015-02-05 11:00:11.000000000 +0100
+++ /var/tmp/diff_new_pack.peNicx/_new 2015-02-05 11:00:11.000000000 +0100
@@ -1,15 +1,17 @@
-diff -Ndur seccheck-3.0/autologout.sh seccheck-3.0-fix-bashisms/autologout.sh
---- seccheck-3.0/autologout.sh 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/autologout.sh 2014-11-16 01:16:35.375287266 +0200
+Index: seccheck-3.0/autologout.sh
+===================================================================
+--- seccheck-3.0.orig/autologout.sh
++++ seccheck-3.0/autologout.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
#
# Small shellscript by Alexander Bergmann which checks
# for idle user terminals and kills them where applicable. Parameters can be
-diff -Ndur seccheck-3.0/helper.inc seccheck-3.0-fix-bashisms/helper.inc
---- seccheck-3.0/helper.inc 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/helper.inc 2014-11-16 01:22:19.370263995 +0200
+Index: seccheck-3.0/helper.inc
+===================================================================
+--- seccheck-3.0.orig/helper.inc
++++ seccheck-3.0/helper.inc
@@ -2,22 +2,22 @@
# functions used by all modules
#
@@ -37,7 +39,7 @@
test -z "$MAILER" && test -x "/usr/sbin/sendmail" && MAILER="/usr/sbin/sendmail"
test -z "$MAILER" && test -x "/usr/bin/mailx" && MAILER="/usr/bin/mailx"
test -z "$MAILER" && test -x "/usr/lib/sendmail" && MAILER="/usr/lib/sendmail"
-@@ -26,7 +26,7 @@
+@@ -26,7 +26,7 @@ function set_mailer () {
}
# create necessary directories
@@ -46,12 +48,12 @@
if [ ! -d "$SEC_VAR" ]; then
rm -rf "$SEC_VAR"
-@@ -43,14 +43,14 @@
+@@ -43,14 +43,14 @@ function create_secdir () {
# param a username
# template engine to substitute a variable in a text and prepare it
# to be sent per email
-function guessable_password_email {
-+guessable_password_email {
++guessable_password_email () {
ret_tmpl=`sed "s/{guessable_account}/$1/" blurbs/guessable_passwd.txt`
echo $ret_tmpl
}
@@ -63,7 +65,7 @@
for i in "rpm-md5" "sbit" "write" "devices" "write-bin"; do
if [ ! -e "$1/$i" ] ; then
touch "$1/$i"
-@@ -61,7 +61,7 @@
+@@ -61,7 +61,7 @@ function initialize_secfiles () {
# daily changes per email
# params
# OLD1, OUT1
@@ -72,7 +74,7 @@
local old1=$1
local out1=$2
-@@ -84,13 +84,14 @@
+@@ -88,13 +88,14 @@ EOF
# use john the ripper to check guessable passwords
# if you pass "quick" as argument it will simple try to find easy
# guessable passwords. otherwise it will use a dictionary
@@ -90,7 +92,7 @@
unshadow /etc/passwd /etc/shadow > $SEC_PASSWD
if [ "$1" != "quick" ]; then
nice -n 1 john -single "$SEC_PASSWD" 1> /dev/null 2>&1
-@@ -115,7 +116,7 @@
+@@ -119,7 +120,7 @@ function check_guessable_passwords () {
# param mount points
@@ -99,7 +101,7 @@
mnt_point=$1
local output_file=`mktemp -t new_devices.XXXX` # TEMPDIR is set but not exported.. does it work?
# warning: bug #51004 ls output depends on root's locale and may be less
-@@ -131,7 +132,7 @@
+@@ -135,7 +136,7 @@ function check_new_devices () {
}
# check md5sum from files
@@ -108,7 +110,7 @@
local output_file=`mktemp -t md5.XXXX` # TEMPDIR is set but not exported.. does it work?
nice -n 1 rpm -Va 2> /dev/null | grep '^5' > "$SEC_DATA/rpm-md5.new"
diff -uw "$SEC_DATA/rpm-md5" "$SEC_DATA/rpm-md5.new" | \
-@@ -144,7 +145,7 @@
+@@ -148,7 +149,7 @@ function check_md5 () {
rm -f "$output_file"
}
@@ -117,7 +119,7 @@
if [ -x /usr/bin/lsof ]; then
printf "\nThe following programs have got bound sockets:\n"
/usr/bin/lsof -i -n -P | egrep 'UDP|TCP.*LISTEN' | sed 's/....[0-9]u IP.* / /' |
-@@ -155,7 +156,7 @@
+@@ -159,7 +160,7 @@ function display_programs_with_bound_soc
}
@@ -126,7 +128,7 @@
local output_file=`mktemp -t mounted_with_missing_nosuid.XXXX` # TEMPDIR is set but not exported.. does it work?
/bin/mount | /usr/bin/grep -v nosuid | /usr/bin/grep ' nfs ' |sort > $output_file
if [ -s "$output_file" ] ; then
-@@ -165,7 +166,7 @@
+@@ -169,7 +170,7 @@ function nfs_mounted_with_missing_nosuid
rm -f "$output_file"
}
@@ -135,7 +137,7 @@
local output_file=`mktemp -t loaded_kernel_modules.XXXX` # TEMPDIR is set but not exported.. does it work?
test -e /proc/modules && {
lsmod 2> /dev/null | grep -v '^Module .* Used by$' | awk '{print$1}' | sort > $output_file
-@@ -178,7 +179,7 @@
+@@ -182,7 +183,7 @@ function list_loaded_kernel_modules () {
}
@@ -144,10 +146,11 @@
local output_file=`mktemp -t globally_exported_fs.XXXX` # TEMPDIR is set but not exported.. does it work?
-diff -Ndur seccheck-3.0/security-control.sh seccheck-3.0-fix-bashisms/security-control.sh
---- seccheck-3.0/security-control.sh 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/security-control.sh 2014-11-16 01:17:02.138285456 +0200
-@@ -9,7 +9,7 @@
+Index: seccheck-3.0/security-control.sh
+===================================================================
+--- seccheck-3.0.orig/security-control.sh
++++ seccheck-3.0/security-control.sh
+@@ -9,7 +9,7 @@ VERSION="v3.0"
MY_DIR=$(dirname $(readlink -f $0))
. $MY_DIR/basic.inc
@@ -156,9 +159,10 @@
run_sysconfig_seccheck
-diff -Ndur seccheck-3.0/security_daily_helper.inc seccheck-3.0-fix-bashisms/security_daily_helper.inc
---- seccheck-3.0/security_daily_helper.inc 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/security_daily_helper.inc 2014-11-16 01:24:33.903254894 +0200
+Index: seccheck-3.0/security_daily_helper.inc
+===================================================================
+--- seccheck-3.0.orig/security_daily_helper.inc
++++ seccheck-3.0/security_daily_helper.inc
@@ -1,5 +1,5 @@
# tests specific for security-daily.sh
-function check_mailboxes_owned_by_user_and_unreadable () {
@@ -166,7 +170,7 @@
local output_file=`mktemp -t globally_exported_fs.XXXX` # TEMPDIR is set but not exported.. does it work?
ls -cl /var/spool/mail | sed 1d | \
awk '$3 != $9 \
-@@ -16,12 +16,12 @@
+@@ -16,12 +16,12 @@ function check_mailboxes_owned_by_user_a
# params
# $1 the sysctl param
# $2 the returned value expected
@@ -181,7 +185,7 @@
if [ ! -e "$SEC_DATA/sysctl" ]; then
/usr/sbin/sysctl -a > "$SEC_DATA/sysctl"
-@@ -33,7 +33,7 @@
+@@ -33,7 +33,7 @@ function check_specifics_sysctl () {
check_specifics_sysctl_helper "net.ipv4.conf.all.rp_filter" 1 || printf "\nnet.ipv4.conf.all.rp_filter\n is disabled"
}
@@ -190,7 +194,7 @@
local output_file=`mktemp -t check_systemd_services.XXXX` # TEMPDIR is set but not exported.. does it work?
/usr/bin/systemctl list-unit-files --type=service > "$SEC_DATA/systemd_services.new"
diff -uw "$SEC_DATA/systemd_services" "$SEC_DATA/systemd_services.new" |egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$output_file"
-@@ -45,7 +45,7 @@
+@@ -45,14 +45,14 @@ function check_systemd_services() {
rm -f "$output_file"
}
@@ -198,17 +202,16 @@
+check_sysctl () {
local output_file=`mktemp -t check_sysctl.XXXX` # TEMPDIR is set but not exported.. does it work?
/usr/sbin/sysctl -a > "$SEC_DATA/sysctl.new"
- diff -uw "$SEC_DATA/sysctl" "$SEC_DATA/sysctl.new" |egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$output_file"
-@@ -57,7 +57,7 @@
- rm -f "$output_file"
+ cat "$SEC_DATA/sysctl.new"
+ mv "$SEC_DATA/sysctl.new" "$SEC_DATA/sysctl"
}
-function check_xinetd_services () {
+check_xinetd_services () {
local output_file=`mktemp -t check_xinetd_services.XXXX` # TEMPDIR is set but not exported.. does it work?
- /sbin/chkconfig --list | awk '/xinetd based services/,/""/' | grep -v off > "$SEC_DATA/xinetd.new"
+ /sbin/chkconfig --list 2> /dev/null | awk '/xinetd based services/,/""/' | grep -v off > "$SEC_DATA/xinetd.new"
diff -uw "$SEC_DATA/xinetd" "$SEC_DATA/xinetd.new" |egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$output_file"
-@@ -69,13 +69,13 @@
+@@ -64,13 +64,13 @@ function check_xinetd_services () {
rm -f "$output_file"
}
@@ -224,7 +227,7 @@
if test `cat /proc/sys/kernel/kptr_restrict` -ne 1; then
printf "/proc/sys/kernel/kptr_restrict should be 1.\n"
fi
-@@ -87,7 +87,7 @@
+@@ -82,7 +82,7 @@ function check_leak_kernel_internal_addr
}
# promisc check to catch all cases even from other hosts if
@@ -233,7 +236,7 @@
# new promisc check
# rewrite of promisc check to catch all cases even from other hosts if
# script runs on a central syslog host. Thomas Biege
-@@ -122,7 +122,7 @@
+@@ -117,7 +117,7 @@ function check_promisc () {
}
# .rhosts check
@@ -242,7 +245,7 @@
local output_file=`mktemp -t check_rhosts.XXXX` # TEMPDIR is set but not exported.. does it work?
awk -F: '{ print $1 " " $6 }' /etc/passwd |
while read uid homedir; do
-@@ -146,7 +146,7 @@
+@@ -141,7 +141,7 @@ function check_rhosts () {
}
# executables should not be in the /etc/aliases file.
@@ -251,7 +254,7 @@
if [ -s /etc/aliases ]; then
local output_file=`mktemp -t no_exec_in_etcaliases.XXXX` # TEMPDIR is set but not exported.. does it work?
grep -v '^#' /etc/aliases | grep '|' > $output_file
-@@ -161,7 +161,7 @@
+@@ -156,7 +156,7 @@ function no_exec_in_etcaliases () {
}
# it doesnt save it to a file like the others.. why?
@@ -260,7 +263,7 @@
local output_file=`mktemp -t check_no_plus.XXXX` # TEMPDIR is set but not exported.. does it work?
list="/etc/hosts.equiv /etc/shosts.equiv /etc/hosts.lpd"
for f in $list ; do
-@@ -177,7 +177,7 @@
+@@ -172,7 +172,7 @@ function check_no_plus () {
}
# Check home directories. Directories should not be owned by someone else
@@ -269,7 +272,7 @@
local output_file=`mktemp -t home_directories_owners.XXXX` # TEMPDIR is set but not exported.. does it work?
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do
-@@ -200,7 +200,7 @@
+@@ -195,7 +195,7 @@ function check_home_directories_owners (
}
# Files that should not be owned by someone else or writeable.
@@ -278,7 +281,7 @@
output_file=`mktemp -t specia_files_owner.XXXX` # TEMPDIR is set but not exported.. does it work?
list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \
.forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \
-@@ -230,7 +230,7 @@
+@@ -225,7 +225,7 @@ function check_special_files_owner () {
}
# checking root's login scrips for secure path and umask
@@ -287,9 +290,10 @@
local output_file=`mktemp -t check_root_login_scripts.0.XXXX` # TEMPDIR is set but not exported.. does it work?
local tmp_file1=`mktemp -t check_root_login_scripts.1.XXXX` # TEMPDIR is set but not exported.. does it work?
local tmp_file2=`mktemp -t check_root_login_scripts.2.XXXX` # TEMPDIR is set but not exported.. does it work?
-diff -Ndur seccheck-3.0/security-daily.sh seccheck-3.0-fix-bashisms/security-daily.sh
---- seccheck-3.0/security-daily.sh 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/security-daily.sh 2014-11-16 01:17:23.275284026 +0200
+Index: seccheck-3.0/security-daily.sh
+===================================================================
+--- seccheck-3.0.orig/security-daily.sh
++++ seccheck-3.0/security-daily.sh
@@ -12,9 +12,9 @@
MY_DIR=$(dirname $(readlink -f $0))
. $MY_DIR/basic.inc
@@ -303,9 +307,10 @@
set_tmpdir "security-daily.sh"
-diff -Ndur seccheck-3.0/security-monthly.sh seccheck-3.0-fix-bashisms/security-monthly.sh
---- seccheck-3.0/security-monthly.sh 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/security-monthly.sh 2014-11-16 01:19:27.850275598 +0200
+Index: seccheck-3.0/security-monthly.sh
+===================================================================
+--- seccheck-3.0.orig/security-monthly.sh
++++ seccheck-3.0/security-monthly.sh
@@ -8,7 +8,7 @@
MY_DIR=$(dirname $(readlink -f $0))
. $MY_DIR/basic.inc
@@ -315,7 +320,7 @@
run_sysconfig_seccheck
-@@ -35,28 +35,36 @@
+@@ -35,28 +35,36 @@ fi
# fi
#done
@@ -359,9 +364,10 @@
cat "$SEC_DATA/devices"
exit 0
-diff -Ndur seccheck-3.0/security_weekly_helper.inc seccheck-3.0-fix-bashisms/security_weekly_helper.inc
---- seccheck-3.0/security_weekly_helper.inc 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/security_weekly_helper.inc 2014-11-16 01:22:55.737261535 +0200
+Index: seccheck-3.0/security_weekly_helper.inc
+===================================================================
+--- seccheck-3.0.orig/security_weekly_helper.inc
++++ seccheck-3.0/security_weekly_helper.inc
@@ -1,5 +1,5 @@
# param mount points
-function check_suid_sgid () {
@@ -369,7 +375,7 @@
mnt_point=$1
local output_file=`mktemp -t suid_sgid.XXXX` # TEMPDIR is set but not exported.. does it work?
( nice -n 1 find $mnt_point -mount \( -perm -04000 -o -perm -02000 \) -type f | sort | \
-@@ -14,7 +14,7 @@
+@@ -14,7 +14,7 @@ function check_suid_sgid () {
}
# param mount points
@@ -378,7 +384,7 @@
mnt_point=$1
local output_file=`mktemp -t writable_executable.XXXX` # TEMPDIR is set but not exported.. does it work?
( nice -n 1 find $mnt_point -mount \( -perm -30 -o -perm -3 \) -type f | sort | \
-@@ -30,7 +30,7 @@
+@@ -30,7 +30,7 @@ function check_writable_executable () {
}
# param mount points
@@ -387,7 +393,7 @@
mnt_point=$1
local output_file=`mktemp -t world_writable.XXXX` # TEMPDIR is set but not exported.. does it work?
( nice -n 1 find $mnt_point -mount -perm -2 \( -type f -o -type d \) -not -perm -01000 | sort > "$SEC_DATA/write.new" ) 2> /dev/null
-@@ -46,7 +46,7 @@
+@@ -46,7 +46,7 @@ function check_world_writable () {
# params
# $1 = directory for checkneverlogin
@@ -396,9 +402,10 @@
bin_path=$1
#
local output_file=`mktemp -t neverlogin.XXXX` # TEMPDIR is set but not exported.. does it work?
-diff -Ndur seccheck-3.0/security-weekly.sh seccheck-3.0-fix-bashisms/security-weekly.sh
---- seccheck-3.0/security-weekly.sh 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/security-weekly.sh 2014-11-16 01:20:03.815273165 +0200
+Index: seccheck-3.0/security-weekly.sh
+===================================================================
+--- seccheck-3.0.orig/security-weekly.sh
++++ seccheck-3.0/security-weekly.sh
@@ -15,9 +15,9 @@
MY_DIR=$(dirname $(readlink -f $0))
. $MY_DIR/basic.inc
@@ -412,9 +419,10 @@
-diff -Ndur seccheck-3.0/user_group_password_helper.inc seccheck-3.0-fix-bashisms/user_group_password_helper.inc
---- seccheck-3.0/user_group_password_helper.inc 2014-08-25 12:36:55.000000000 +0300
-+++ seccheck-3.0-fix-bashisms/user_group_password_helper.inc 2014-11-16 01:23:43.687258291 +0200
+Index: seccheck-3.0/user_group_password_helper.inc
+===================================================================
+--- seccheck-3.0.orig/user_group_password_helper.inc
++++ seccheck-3.0/user_group_password_helper.inc
@@ -1,6 +1,6 @@
# user,group and password related functions
@@ -423,7 +431,7 @@
local output_file=`mktemp -t check_passwd.XXXX` # TEMPDIR is set but not exported.. does it work?
# /etc/passwd check
-@@ -50,7 +50,8 @@
+@@ -50,7 +50,8 @@ function check_passwd () {
awk -F: '{ print $1 " " $3 }' $PW | sort -n -k2 | tee $TMP1 |
uniq -d -f 1 | awk '{ print $2 }' > $TMP2
if [ -s "$TMP2" ] ; then
@@ -433,7 +441,7 @@
while read uid; do
grep -w $uid\$ $TMP1
done < $TMP2 | column
-@@ -59,7 +60,7 @@
+@@ -59,7 +60,7 @@ function check_passwd () {
rm -f "$output_file"
}
@@ -442,7 +450,7 @@
local output_file=`mktemp -t check_passwd.XXXX` # TEMPDIR is set but not exported.. does it work?
PW="/etc/shadow"
awk -F: '{
-@@ -96,7 +97,7 @@
+@@ -96,7 +97,7 @@ function check_shadow () {
rm -f "$output_file"
}
@@ -451,7 +459,7 @@
local output_file=`mktemp -t check_group.XXXX` # TEMPDIR is set but not exported.. does it work?
GRP=/etc/group
awk -F: '{
-@@ -129,7 +130,7 @@
+@@ -129,7 +130,7 @@ function check_group () {
rm -f "$output_file"
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org