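#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Final checks: audit the package state of the installed target system
# (dpkg/apt consistency, dpkg file verification, a simulated autoremove,
# holds, pinning, diversions, statoverrides and alternatives) and record
# the output and the exit code of every step in a log file inside the target.
# Globals:
#   TARGET (read) - mount point of the target system; every audit command is
#                   run chrooted into it via chroot_script
# Arguments:
#   None
# Outputs:
#   Output of each audit command goes to stdout and is appended to the log;
#   the per-step "[cmd] ExitCode: N" / "[cmd] failed with ExitCode: N" lines
#   and the "+++" separators go to the log only.
# Returns:
#   0: on success (guard_dir must succeed)
#######################################
auditing_packages() {
  ### Declare Arrays, HashMaps, and Variables.
  local -r var_logfile="/root/.ciss/cdi/log/4630_auditing_packages.log"
  local script

  chroot_logger "${TARGET}${var_logfile}"

  # The chroot script body is a quoted here-doc, so nothing in it expands on
  # the installer side; the only value that crosses into the chroot is the
  # log path, prepended as a plain assignment (it contains no quotes/spaces).
  script=$(
    printf "log='%s'\n" "${var_logfile}"
    cat <<'EOF'
### Run one audit step: echo+log its output, then log the command's OWN exit code.
### `cmd 2>&1 | tee` would report tee's status (no pipefail here), and `$?`
### evaluated inside `if ! cmd; then ... else ... fi` is the negated status,
### so the log previously always read "failed with ExitCode: 0" on failure and
### "ExitCode: 1" on success. Capturing the output first sidesteps both.
audit_step() {
  out=$("$@" 2>&1); rc=$?
  if [ -n "$out" ]; then
    printf '%s\n' "$out" | tee -a "$log"
  fi
  if [ "$rc" -ne 0 ]; then
    printf '[%s] failed with ExitCode: %s \n' "$*" "$rc" >> "$log"
  else
    printf '[%s] ExitCode: %s \n' "$*" "$rc" >> "$log"
  fi
  echo +++ >> "$log"
}

audit_step dpkg --audit
audit_step apt-get check
### Only log anomalies from dpkg -V (no output == OK).
### dpkg -V compares files against the md5sums shipped inside each installed
### package, so it catches drift since installation, not a package that was
### already modified before it was installed.
audit_step dpkg -V
### Simulations (no changes)
audit_step apt-get -s autoremove --purge
### Residual configs & holds
audit_step apt-mark showhold
### Apt pinning (grep exit code 1 only means no pinning entries exist;
### 2 is a real error)
audit_step grep -R . /etc/apt/preferences.d/
### Diversions, statoverrides, alternatives
audit_step dpkg-divert --list
audit_step dpkg-statoverride --list
audit_step update-alternatives --get-selections
EOF
  )

  chroot_script "${TARGET}" "${script}"

  guard_dir && return 0
}

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh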