Only create a temporary file if we are actually going to do something
in the script. Eliminates a bug where we create a temp file, but don't delete it since the rm(1) is only done if the check is enabled. PR: bin/40960 Submitted by: frf <frf@xocolatl.com> MFC after: 3 days
This commit is contained in:
parent
dd7bfe512b
commit
1bdbc52de7
@ -35,12 +35,12 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
LOG="${daily_status_security_logdir}"
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_chksetuid_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
echo ""
|
||||
echo 'Checking setuid files and devices:'
|
||||
# XXX Note that there is the possibility of overrunning the args to ls
|
||||
|
@ -38,13 +38,13 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
LOG="${daily_status_security_logdir}"
|
||||
ignore="${daily_status_security_chkmounts_ignore}"
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_chkmounts_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
case "$daily_status_security_noamd" in
|
||||
[Yy][Ee][Ss])
|
||||
ignore="${ignore}|^amd:"
|
||||
|
@ -39,12 +39,12 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
LOG="${daily_status_security_logdir}"
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_ipfwdenied_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
|
||||
if [ ! -f ${LOG}/ipfw.today ]; then
|
||||
rc=1
|
||||
|
@ -38,11 +38,11 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_ipfwlimit_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
|
||||
if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
|
||||
ipfw -a l | grep " log " | perl -n -e \
|
||||
|
@ -38,12 +38,12 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
LOG="${daily_status_security_logdir}"
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_ip6fwdenied_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
|
||||
if [ ! -f ${LOG}/ip6fw.today ]; then
|
||||
rc=1
|
||||
|
@ -38,11 +38,11 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_ip6fwlimit_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
|
||||
if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
|
||||
ip6fw -a l | grep " log " | perl -n -e \
|
||||
|
@ -38,12 +38,12 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
LOG="${daily_status_security_logdir}"
|
||||
rc=0
|
||||
|
||||
case "$daily_status_security_kernelmsg_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
|
||||
if dmesg 2>/dev/null > ${TMP}; then
|
||||
if [ ! -f ${LOG}/dmesg.today ]; then
|
||||
rc=1
|
||||
|
Loading…
Reference in New Issue
Block a user