diff --git a/plist b/plist
index 0dc94bd02..50e2fa4de 100644
--- a/plist
+++ b/plist
@@ -551,6 +551,7 @@
/usr/local/opnsense/scripts/filter/list_table.py
/usr/local/opnsense/scripts/filter/list_tables.py
/usr/local/opnsense/scripts/filter/pfinfo.py
+/usr/local/opnsense/scripts/firmware/audit.sh
/usr/local/opnsense/scripts/firmware/changelog.sh
/usr/local/opnsense/scripts/firmware/check.sh
/usr/local/opnsense/scripts/firmware/hotfix.sh
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
index b5345cb2b..1c1543873 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
@@ -273,6 +273,26 @@ class FirmwareController extends ApiControllerBase
return $response;
}
+ /**
+ * run a security audit
+ * @return array status
+ * @throws \Exception
+ */
+ public function auditAction()
+ {
+ $backend = new Backend();
+ $response = array();
+
+ if ($this->request->isPost()) {
+ $response['status'] = 'ok';
+ $response['msg_uuid'] = trim($backend->configdRun("firmware audit", true));
+ } else {
+ $response['status'] = 'failure';
+ }
+
+ return $response;
+ }
+
/**
* reinstall package
* @param string $pkg_name package name to reinstall
diff --git a/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt b/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
index 2fd147ffb..5508f6dae 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
@@ -63,6 +63,7 @@ POSSIBILITY OF SUCH DAMAGE.
// unhide upgrade button
$("#upgrade").attr("style","");
+ $("#audit").attr("style","display:none");
// show upgrade list
$('#update_status').hide();
@@ -91,6 +92,7 @@ POSSIBILITY OF SUCH DAMAGE.
packagesInfo(false);
} else {
$("#upgrade").attr("style","display:none");
+ $("#audit").attr("style","");
// update list so plugins sync as well (all)
packagesInfo(true);
@@ -106,6 +108,7 @@ POSSIBILITY OF SUCH DAMAGE.
$('#update_status').show();
$('#updatetab > a').tab('show');
$('#updatestatus').html("{{ lang._('Upgrading...') }}");
+ $("#audit").attr("style","display:none");
$("#upgrade").attr("style","");
$("#upgrade_progress").addClass("fa fa-spinner fa-pulse");
@@ -115,6 +118,24 @@ POSSIBILITY OF SUCH DAMAGE.
});
}
+ /**
+ * perform audit, install poller to update status
+ */
+ function audit() {
+ $.upgrade_action = 'audit';
+ $('#updatelist').hide();
+ $('#update_status').show();
+ $('#updatetab > a').tab('show');
+ $('#updatestatus').html("{{ lang._('Auditing...') }}");
+ $("#audit").attr("style","");
+ $("#audit_progress").addClass("fa fa-spinner fa-pulse");
+
+ ajaxCall('/api/core/firmware/audit', {}, function () {
+ $('#updatelist').empty();
+ setTimeout(trackStatus, 500);
+ });
+ }
+
/**
* read license from backend
*/
@@ -218,9 +239,9 @@ POSSIBILITY OF SUCH DAMAGE.
}
/**
- * handle update status
+ * handle check/audit/upgrade status
*/
- function trackStatus(){
+ function trackStatus() {
ajaxGet('/api/core/firmware/upgradestatus',{},function(data, status) {
if (data['log'] != undefined) {
$('#update_status').html(data['log']);
@@ -228,12 +249,16 @@ POSSIBILITY OF SUCH DAMAGE.
}
if (data['status'] == 'done') {
$("#upgrade_progress").removeClass("fa fa-spinner fa-pulse");
- if ($.upgrade_action != 'pkg') {
- $('#updatestatus').html("{{ lang._('Upgrade done!') }}");
- } else {
+ $("#audit_progress").removeClass("fa fa-spinner fa-pulse");
+ if ($.upgrade_action == 'pkg') {
$('#updatestatus').html("{{ lang._('Package manager update done. Please check for more updates.') }}");
+ } else if ($.upgrade_action == 'audit') {
+ $('#updatestatus').html("{{ lang._('Audit done.') }}");
+ } else {
+ $('#updatestatus').html("{{ lang._('Upgrade done.') }}");
}
$("#upgrade").attr("style","display:none");
+ $("#audit").attr("style","");
packagesInfo(true);
} else if (data['status'] == 'reboot') {
BootstrapDialog.show({
@@ -418,6 +443,7 @@ POSSIBILITY OF SUCH DAMAGE.
// link event handlers
$('#checkupdate').click(updateStatus);
$('#upgrade').click(upgrade_ui);
+ $('#audit').click(audit);
// show upgrade message if there
if ($('#message').html() != '') {
$('#message').attr('style', '');
@@ -550,6 +576,7 @@ POSSIBILITY OF SUCH DAMAGE.
+
{{ lang._('Click to check for updates.')}}
diff --git a/src/opnsense/scripts/firmware/audit.sh b/src/opnsense/scripts/firmware/audit.sh
new file mode 100755
index 000000000..1a61ed61e
--- /dev/null
+++ b/src/opnsense/scripts/firmware/audit.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Franco Fichtner
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress
+
+# Truncate upgrade progress file
+: > ${PKG_PROGRESS_FILE}
+
+echo "***GOT REQUEST TO AUDIT" >> ${PKG_PROGRESS_FILE}
+pkg audit -F >> ${PKG_PROGRESS_FILE} 2>&1
+echo '***DONE***' >> ${PKG_PROGRESS_FILE}
diff --git a/src/opnsense/scripts/firmware/launcher.sh b/src/opnsense/scripts/firmware/launcher.sh
index 2995ac9bb..ece893f0a 100755
--- a/src/opnsense/scripts/firmware/launcher.sh
+++ b/src/opnsense/scripts/firmware/launcher.sh
@@ -28,6 +28,7 @@ BASEDIR="/usr/local/opnsense/scripts/firmware"
LOCKFILE="/tmp/pkg_upgrade.progress"
FLOCK="/usr/local/bin/flock -n -o"
COMMANDS="
+audit
hotfix
install
lock
diff --git a/src/opnsense/service/conf/actions.d/actions_firmware.conf b/src/opnsense/service/conf/actions.d/actions_firmware.conf
index ac4f4dbef..e8e1a37b2 100644
--- a/src/opnsense/service/conf/actions.d/actions_firmware.conf
+++ b/src/opnsense/service/conf/actions.d/actions_firmware.conf
@@ -35,6 +35,12 @@ parameters:%s
type:script_output
message:Viewing license for %s
+[audit]
+command:/usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh audit
+parameters:
+type:script
+message:Retrieving vulnerability report
+
[running]
command:/usr/local/opnsense/scripts/firmware/running.sh
parameters: