tiger 1:3.2.3-10 / usr / lib / tiger / util / difflogs

This file is indexed.

/usr/lib/tiger/util/difflogs is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# difflogs - 06/16/93
#
# 09/19/2003 - jfs - Fix from Nicholas François to work properly in Solaris.
# 05/12/2003 - jfs - Sort input before diffing. For some reason some
#                    checks might not always sort information properly
#                    and people might get spurious reports.
# 12/26/2001 jfs Modified intensively to work properly. Added
#  a new feature and associated variables in tigerrc so that cron jobs 
#  can be compared against a "template" (policy-compliant?) runs. 
#  This can reduce false positives even if they cannot be reduced 
#  in a given module.
#
#-----------------------------------------------------------------------------
# TODO:
# - Consider including always ERR messages regardless of wether they were not
#   present since otherwise scripts that do not run (due to ERRs) might be
#   only reported once in cron. Maybe this could be an option? 
#   (Always_Report_ERR?)
#-----------------------------------------------------------------------------
#
[ -z "$DIFF" ] && DIFF=`which diff`
[ -z "$CAT" ] && CAT=`which cat`
[ -z "$RM" ] && RM=`which rm`
[ -z "$SORT" ] && SORT=`which sort`
[ -z "$SORT" ] && SORT=$CAT
[ -z "$WORKDIR" ] && WORKDIR="/tmp"


oldfile="$1"
newfile="$2"

SPC="$DIFFD"

[ ! -n "$DIFF" ] && {
  $CAT $newfile
  exit 0
}

if [ -s "$oldfile" ]; then
  $SORT $oldfile >$WORKDIR/oldfile.sort.$$
  $SORT $newfile >$WORKDIR/newfile.sort.$$
  $DIFF -D${SPC}TIGERCHANGES $WORKDIR/oldfile.sort.$$ $WORKDIR/newfile.sort.$$ |
  {
    lastcontext=
    flag=0
    listing=0
    while read line
    do
      case "$line" in
	'#ifdef TIGERCHANGES') flag=1;;
	\#endif*) flag=0;;
	'#ifndef TIGERCHANGES') flag=2;;
	\#else*) {
	  [ $flag -eq 1 ] && flag=2
	  [ $flag -eq 2 ] && flag=1
	}
	;;
	\#*) {
	  listing=0
	  [ $flag -eq 2 -o $flag -eq 1 ] && echo "$line"
	  [ $flag -eq 0 ] && lastcontext=$line
	}
	;;
	--[A-Z]*) {
	  listing=1
	  [ -n "$lastcontext" ] && echo "$lastcontext"
	  [ $flag -eq 1 ] && echo "NEW: $line"
	  [ $flag -eq 2 ] && echo "OLD: $line"
	  lastcontext=
	}
	;;
	*) {
	  [ -n "$line" -a $listing -eq 1 ] &&  {
	  [ $flag -eq 1 ] && echo "NEW: $line"
	  [ $flag -eq 2 ] && echo "OLD: $line"
	  }
	 }
        ;;
      esac
    done
  } > $WORKDIR/tc.msg.$$
  $CAT $WORKDIR/tc.msg.$$
  $RM -f "$WORKDIR/tc.msg.$$"
  [ -f "$WORKDIR/newfile.sort.$$" ] && $RM -f "$WORKDIR/newfile.sort.$$"
  [ -f "$WORKDIR/oldfile.sort.$$" ] && $RM -f "$WORKDIR/oldfile.sort.$$"
else
  $CAT $newfile
fi

APT Browse - Built by Thomas Orozco.