d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

filter all passwords (not only changed) from periodic passwd backup

Browse Source 
The periodic 200.backup-passwd script outputs any differences it finds
in master.passwd, relative to the previous backup.  It intends to elide
the encrypted password field, but previously did so only for changed
lines (i.e., those beginning with - or + in the diff).

Apply the sed expression also to unchanged lines to also elide their
passwords.

PR:		223461
Reported by:	Andre Albsmeier
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
emaste 2017-11-21 20:31:54 +00:00
parent 93d4742b7e
commit f96852d023
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/periodic/daily/200.backup-passwd
View File

@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in
[ $rc -lt 1 ] && rc=1
echo "$host passwd diffs:"
diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\
sed 's/^\([-+][^-+:]*\):[^:]*:/\1:(password):/'
sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/'
mv $bak/master.passwd.bak $bak/master.passwd.bak2
cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi