From c85caa3933d08274a9ba9b1be16ee8af5583b99a Mon Sep 17 00:00:00 2001 From: Helge Oldach Date: Thu, 27 Jul 2023 08:42:27 +0200 Subject: [PATCH] security/rkhunter: Modernize and correct the periodic script Modernize the script but use a compatibility shim to maintain previous variables. PR: 272516 Reported by: freebsd@oldach.net Approved by: lukasz@wasikowski.net (maintainer) --- security/rkhunter/Makefile | 2 +- security/rkhunter/files/415.rkhunter.in | 67 ++++++++++++------------- security/rkhunter/pkg-message | 10 ++-- 3 files changed, 40 insertions(+), 39 deletions(-) diff --git a/security/rkhunter/Makefile b/security/rkhunter/Makefile index f5ed7d474a725..f5c2ef749bdd0 100644 --- a/security/rkhunter/Makefile +++ b/security/rkhunter/Makefile @@ -1,6 +1,6 @@ PORTNAME= rkhunter PORTVERSION= 1.4.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= SF diff --git a/security/rkhunter/files/415.rkhunter.in b/security/rkhunter/files/415.rkhunter.in index b35e70f724b16..4e33dc5ab443e 100644 --- a/security/rkhunter/files/415.rkhunter.in +++ b/security/rkhunter/files/415.rkhunter.in @@ -2,10 +2,12 @@ # This is a maintenance shell script for the rkhunter security tool. # You can enable this script in /etc/periodic.conf file by putting these lines into it: -# daily_rkhunter_update_enable="YES" -# daily_rkhunter_update_flags="--update --nocolors" -# daily_rkhunter_check_enable="YES" -# daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" +# security_rkhunter_update_enable="YES" +# security_rkhunter_update_period="daily" +# security_rkhunter_update_flags="--update --nocolors" +# security_rkhunter_check_enable="YES" +# security_rkhunter_check_period="daily" +# security_rkhunter_check_flags="--checkall --nocolors --skip-keypress" # # Written by: Gabor Kovesdan @@ -14,40 +16,37 @@ if [ -r /etc/defaults/periodic.conf ]; then source_periodic_confs fi -SLEEP=/bin/sleep -JOT=/usr/bin/jot - -random() { - ${JOT} -r 1 0 900 -} - -: ${daily_rkhunter_update_flags="--update --nocolors"} -: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"} +# compatibility with pre-stable/12 style variables +for type in update check +do + for mode in enable flags + do + eval old=\"\$daily_rkhunter_${type}_${mode}\" + if test -n "$old" + then + echo "Warning: Variable \$daily_rkhunter_${type}_${mode} is deprecated, use \$security_rkhunter_${type}_${mode} instead." >&2 + eval : \${security_rkhunter_${type}_${mode}:="\$daily_rkhunter_${type}_${mode}"} + fi + done +done -case "$daily_rkhunter_update_enable" in - [Yy][Ee][Ss]) +# defaults +: ${security_rkhunter_update_period:="daily"} +: ${security_rkhunter_check_period:="daily"} +: ${security_rkhunter_update_flags:="--update --nocolors"} +: ${security_rkhunter_check_flags:="--checkall --nocolors --skip-keypress"} +if check_yesno_period security_rkhunter_update_enable +then echo "" echo "Updating the rkhunter database..." - # When non-interactive, sleep to reduce congestion on rkhunter site - if [ "$1" != -nodelay ]; then - # In FreeBSD 12.0 the anticongestion function should be used - # instead of a hard-coded sleep - if [ -n "$anticongestion_sleeptime" ]; then - anticongestion - else - ${SLEEP} $(random) - fi - fi - %%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags} - ;; -esac - -case "$daily_rkhunter_check_enable" in - [Yy][Ee][Ss]) + anticongestion + %%PREFIX%%/bin/rkhunter ${security_rkhunter_update_flags} +fi +if check_yesno_period security_rkhunter_check_enable +then echo "" echo "Running rkhunter..." - %%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags} - ;; -esac + %%PREFIX%%/bin/rkhunter ${security_rkhunter_check_flags} +fi diff --git a/security/rkhunter/pkg-message b/security/rkhunter/pkg-message index ee7fe15bd8794..3a4a2f1bb6ad9 100644 --- a/security/rkhunter/pkg-message +++ b/security/rkhunter/pkg-message @@ -4,14 +4,16 @@ You should keep your rkhunter database up-to-date. This can be done automatically by putting this line to periodic.conf(5) files: -daily_rkhunter_update_enable="YES" -daily_rkhunter_update_flags="--update --nocolors" +security_rkhunter_update_enable="YES" +security_rkhunter_update_period="daily" +security_rkhunter_update_flags="--update --nocolors" Also, you can run rkhunter as a part of the daily security check by putting this line to periodic.conf(5) files: -daily_rkhunter_check_enable="YES" -daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" +security_rkhunter_check_enable="YES" +security_rkhunter_check_period="daily" +security_rkhunter_check_flags="--checkall --nocolors --skip-keypress" EOM } ]