Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-04-15 00:32:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

Avoid scanning unnecessary packages for modified permission-hardener config

Browse Source
This commit is contained in:
Aaron Rainbolt 2025-01-14 18:50:24 -06:00
parent a84d3ba732
commit 396372c129
No known key found for this signature in database
GPG Key ID: A709160D73C79109
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
debian/security-misc.config vendored
View File

@ -22,6 +22,8 @@ true "
"
check_migrate_permission_hardener_state() {
local modified_pkg_data_str custom_hardening_arr config_file
## If folder /var/lib/permission-hardener (version 1) does not exist, this migration is unneeded.
if [ ! -d '/var/lib/permission-hardener' ]; then
return 0
@ -82,7 +84,10 @@ check_migrate_permission_hardener_state() {
'/etc/permission-hardener.d/30_default.conf'
)
readarray -t custom_hardening_arr < <(dpkg -V | awk '/permission-hardener.d/{ print $NF }')
## This will exit non-zero if some of the packages don't exist, but we
## don't care. The packages that *are* installed will still be scanned.
modified_pkg_data_str="$(dpkg -V security-misc user-sysmaint-split anon-apps-config)" || true
readarray -t custom_hardening_arr < <(awk '/permission-hardener.d/{ print $NF }' <<< "${modified_pkg_data_str}")
## If the above `dpkg -V` command doesn't return any permission-hardener
## related lines, the array will contain no meaningful info, just a single
## blank element at the start. Set the array to be explicitly empty in