hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-15 06:42:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

filter all passwords (not only changed) from periodic passwd backup

Browse Source 
The periodic 200.backup-passwd script outputs any differences it finds
in master.passwd, relative to the previous backup.  It intends to elide
the encrypted password field, but previously did so only for changed
lines (i.e., those beginning with - or + in the diff).

Apply the sed expression also to unchanged lines to also elide their
passwords.

PR:		223461
Reported by:	Andre Albsmeier
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2017-11-21 20:31:54 +00:00
parent 90dd3e79cc
commit 71d5ff4391
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=326074
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/periodic/daily/200.backup-passwd
View File

@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in
[ $rc -lt 1 ] && rc=1
echo "$host passwd diffs:"
diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\
sed 's/^\([-+][^-+:]*\):[^:]*:/\1:(password):/'
sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/'
mv $bak/master.passwd.bak $bak/master.passwd.bak2
cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
fi