bab9bb6b69
Create new directories:
ceph
config
config-files
filesystem
kernel
kernel/kernel-modules
ldap
logging
strorage-drivers
tools
utilities
virt
Retire directories:
connectivity
core
devtools
support
extended
Delete two packages:
tgt
irqbalance
Relocated packages:
base/
dhcp
initscripts
libevent
lighttpd
linuxptp
memcached
net-snmp
novnc
ntp
openssh
pam
procps
sanlock
shadow
sudo
systemd
util-linux
vim
watchdog
ceph/
python-cephclient
config/
facter
puppet-4.8.2
puppet-modules
filesystem/
e2fsprogs
nfs-utils
nfscheck
kernel/
kernel-std
kernel-rt
kernel/kernel-modules/
mlnx-ofa_kernel
ldap/
nss-pam-ldapd
openldap
logging/
syslog-ng
logrotate
networking/
lldpd
iproute
mellanox
python-ryu
mlx4-config
python/
python-2.7.5
python-django
python-gunicorn
python-setuptools
python-smartpm
python-voluptuous
security/
shim-signed
shim-unsigned
tboot
strorage-drivers/
python-3parclient
python-lefthandclient
virt/
cloud-init
libvirt
libvirt-python
qemu
tools/
storage-topology
vm-topology
utilities/
tis-extensions
namespace-utils
nova-utils
update-motd
Change-Id: I37ade764d873c701b35eac5881eb40412ba64a86
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
79 lines
1.9 KiB
Diff
79 lines
1.9 KiB
Diff
From 21f104089cf3a8ee8eb295bafa47dff6ab1000ac Mon Sep 17 00:00:00 2001
|
|
From: David Balme <david.balme@windriver.com>
|
|
Date: Sun, 29 Jan 2017 18:14:25 -0500
|
|
Subject: [PATCH 1/1] tamper proof bash log
|
|
|
|
---
|
|
misc/chattr.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 48 insertions(+)
|
|
|
|
diff --git a/misc/chattr.c b/misc/chattr.c
|
|
index f130108..44db04b 100644
|
|
--- a/misc/chattr.c
|
|
+++ b/misc/chattr.c
|
|
@@ -188,6 +188,49 @@ static int decode_arg (int * i, int argc, char ** argv)
|
|
return 1;
|
|
}
|
|
|
|
+//
|
|
+// returns true (1) if name looks like
|
|
+// bash.log
|
|
+// bash.log*
|
|
+// */bash.log
|
|
+// */bash.log*
|
|
+//
|
|
+static int is_bash_log_file(const char * name) {
|
|
+ if (name == NULL) {
|
|
+ return 0;
|
|
+ }
|
|
+ char * srchresult = strstr(name, "bash.log");
|
|
+ if (srchresult != NULL) {
|
|
+ if (srchresult == name) {
|
|
+ // starts with scenario
|
|
+ return 1;
|
|
+ }
|
|
+ // contained scenario
|
|
+ // let's ensure preceding char is a /
|
|
+ srchresult --;
|
|
+ if (*srchresult == '/') {
|
|
+ return 1;
|
|
+ }
|
|
+ return 0;
|
|
+ }
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+// returns true (1) if user is trying to remove append-only flag
|
|
+// from bash.log file.
|
|
+static int is_remove_append_only_on_bash_log(const char * name, unsigned long flags, int rem) {
|
|
+ if (!rem) {
|
|
+ return 0; // no attribute remove operation specified
|
|
+ }
|
|
+ if (!(flags & EXT2_APPEND_FL)) { //
|
|
+ return 0;
|
|
+ }
|
|
+ // at this point we are trying to remove append only attribute!
|
|
+ // now check if its a bash.log file
|
|
+ return is_bash_log_file(name);
|
|
+}
|
|
+
|
|
+
|
|
static int chattr_dir_proc(const char *, struct dirent *, void *);
|
|
|
|
static int change_attributes(const char * name)
|
|
@@ -208,6 +251,11 @@ static int change_attributes(const char * name)
|
|
_("while reading flags on %s"), name);
|
|
return -1;
|
|
}
|
|
+
|
|
+ if (is_remove_append_only_on_bash_log(name, flags, rem)) {
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
if (set) {
|
|
if (verbose) {
|
|
printf (_("Flags of %s set as "), name);
|
|
--
|
|
1.9.1
|
|
|