Subject: CVS commit: basesrc/etc
To: None <email@example.com>
From: Luke Mewburn <firstname.lastname@example.org>
Date: 10/12/2001 08:18:25
Module Name: basesrc
Committed By: lukem
Date: Fri Oct 12 05:18:24 UTC 2001
basesrc/etc: Makefile security
Major overhaul, with help from Andrew Brown <email@example.com>.
- Add a bunch of stuff to /etc/mtree/special to enable removal of
- files which we want to monitor for changes but don't want to
see the diffs of (master.passwd, ssh_host_key, ...) are
tagged with "nomail"
- files which we don't want to monitor are tagged with "exclude"
(such as netgroup.db, kvm.db, ...)
- monitor /etc/mtree/special.local, /root/.ssh/*
- remove /etc/changelist, and a bunch of XXX comments
- use mtree(8)'s -D, -I, and -E to generate lists of files to
actually do the changelist stuff on.
- support /etc/mtree/special.local as an optional user-provided
version of /etc/mtree/special (effectively, an enhanced
- Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/*
including support for these files being added and removed at will.
- If /sbin/fdisk exists, backup the output of "fdisk $disk" for all
the active disk drives as part of $check_disklabels
- Check permissions on: ~/.ssh/* ~/.shosts
- Reorder initialisation of defaults
- Remove special case for /etc/master.passwd "monitor but don't email diffs"
with general case for other similar files.
- Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...)
in "$backup_dir/work", to minimise name clashes.
- Add migrate_file(old, new) to do the hard work of migrating files
from the old `top level' /var/backups mechanism to the `full path'
mechanism recently added. Use this appropriately.
- Add backup_and_diff(file, printdiffs), to the hard work of backing-up
and diff-ing files.
- Cleanup use of shell redirects
- /bin/sh supports ~root globbing, so use it.
- Improve umask checking; use awk regex rather than awk math
To generate a diff of this commit:
cvs rdiff -r1.182 -r1.183 basesrc/etc/Makefile
cvs rdiff -r1.22 -r0 basesrc/etc/changelist
cvs rdiff -r1.66 -r1.67 basesrc/etc/security
cvs rdiff -r1.46 -r1.47 basesrc/etc/mtree/special
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.