| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add new 'd' flag for it.
|
|
If a directory has protection mask, but does not exist in db, we
do not handle it right unless we calculate the protection mask by
hand, or create temporary db dir entry for it. For simplicity create
always the db dir entry -- depending on audit type we likely need
to create it anyway. This commit also caches the db dir entry in the
audit tree context to avoid duplicate lookups. ref #1241.
|
|
Use the paths' protection mask where available instead of the parent
paths'. ref #1241
|
|
|
|
fixes #607.
audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.
$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:
+etc
@etc/init.d
-tmp
+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection
lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.
E.g. ssh might want to provide ssh.list with something like:
+root/.ssh
+home/*/.ssh
|
|
|
|
And implement --directory-permissions for fix-applet to reset all
directory uid, gid and modes.
|
|
|
|
|
|
this makes the database package entry smaller, and we propbably
get more fields to installed_package later too. this cleans up
the way scripts are stored and is a preparation for supporting
triggers. some parsing for trigger meta-data. ref #45.
|
|
so user can override trusted keys directory and repositories file.
|
|
they are not needed, and cause errors if signing keys are not
present.
|
|
|
|
usually we are interested on the actual file's length. but
audit is interested about the link. so add a flag for this and
use it in audit.
|
|
make the system audit compare only installed files, instead of
scanning the whole file system. also make it print only package
names with -q, so reinstalling modified packages becomes easy.
|
|
this way we never change cwd, and relative filenames are always
parsed consistently. this also helps filename construction in many
places. this patch also changes '--root' to override location of
all configuration to be in the new root. previously it depended
on the file which one was used.
|
|
also take precautions in audit code if the db is missing the
checksum.
|
|
and use it for /etc/init.d by default. fixes #99.
|
|
to check system files for changes.
|
|
this also convers scripts file to a tar archive.
|
|
avoid recalculating hashes, and store the lengths of names, so
we can optimize some operations.
|
|
in future we want to checksum on gzip boundary basis, not the
full file.
|
|
And add some more verbosity to the help message.
|
|
A = "added"
U = "updated"
|
|
Add flags field to db open call. Also make error reporting quite a bit
more detailed.
|
|
also introduce apk_verbosity. --quiet reduce verbosity and --verbose
increases it.
Default verbosity is 1.
|
|
Currently only implement --backup to get list of (config) files in
protected directories to backup.
This also fixes a database corruption bug in database.c.
|
