mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-21 16:32:25 +01:00
filter all passwords (not only changed) from periodic passwd backup
The periodic 200.backup-passwd script outputs any differences it finds in master.passwd, relative to the previous backup. It intends to elide the encrypted password field, but previously did so only for changed lines (i.e., those beginning with - or + in the diff). Apply the sed expression also to unchanged lines to also elide their passwords. PR: 223461 Reported by: Andre Albsmeier MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
This commit is contained in:
parent
90dd3e79cc
commit
71d5ff4391
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=326074
@ -42,7 +42,7 @@ case "$daily_backup_passwd_enable" in
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
echo "$host passwd diffs:"
|
||||
diff -uI '^#' $bak/master.passwd.bak /etc/master.passwd |\
|
||||
sed 's/^\([-+][^-+:]*\):[^:]*:/\1:(password):/'
|
||||
sed 's/^\([-+ ][^-+:]*\):[^:]*:/\1:(password):/'
|
||||
mv $bak/master.passwd.bak $bak/master.passwd.bak2
|
||||
cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user