From d91e3080016c2d70e14a032cbcd4fa49727b1f23 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Sat, 16 Jan 2021 16:22:56 +0100
Subject: [PATCH] firmware: allow to run audits from firmware upgrade console
 option #4500

Type "s" for security audit, or "h" for health audit.

We don't add it to the option prompt to not clutter the menu flow.
This is mostly for debug and development purposes.
---
 src/opnsense/scripts/firmware/health.sh   |  3 +--
 src/opnsense/scripts/firmware/security.sh |  3 +--
 src/opnsense/scripts/shell/firmware.sh    | 16 +++++++++++++++-
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/opnsense/scripts/firmware/health.sh b/src/opnsense/scripts/firmware/health.sh
index 748860955..e54cd1ac6 100755
--- a/src/opnsense/scripts/firmware/health.sh
+++ b/src/opnsense/scripts/firmware/health.sh
@@ -234,8 +234,7 @@ EOF
 
 echo "***GOT REQUEST TO AUDIT HEALTH***" >> ${LOCKFILE}
 
-${TEE} ${LOCKFILE} < ${PIPEFILE} &
-echo "Currently running $(opnsense-version) at $(date)" > ${PIPEFILE}
+echo "Currently running $(opnsense-version) at $(date)" >> ${LOCKFILE}
 
 set_check kernel
 set_check base
diff --git a/src/opnsense/scripts/firmware/security.sh b/src/opnsense/scripts/firmware/security.sh
index 46c34252f..8dbbaf488 100755
--- a/src/opnsense/scripts/firmware/security.sh
+++ b/src/opnsense/scripts/firmware/security.sh
@@ -33,8 +33,7 @@ rm -f ${PIPEFILE}
 mkfifo ${PIPEFILE}
 
 echo "***GOT REQUEST TO AUDIT SECURITY***" >> ${LOCKFILE}
-${TEE} ${LOCKFILE} < ${PIPEFILE} &
-echo "Currently running $(opnsense-version) at $(date)" > ${PIPEFILE}
+echo "Currently running $(opnsense-version) at $(date)" >> ${LOCKFILE}
 ${TEE} ${LOCKFILE} < ${PIPEFILE} &
 pkg audit -F > ${PIPEFILE} 2>&1
 sleep 1 # give the system time to flush the buffer to console
diff --git a/src/opnsense/scripts/shell/firmware.sh b/src/opnsense/scripts/shell/firmware.sh
index 442d62a93..8ffd6f4e3 100755
--- a/src/opnsense/scripts/shell/firmware.sh
+++ b/src/opnsense/scripts/shell/firmware.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2015-2019 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2015-2021 Franco Fichtner <franco@opnsense.org>
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -69,6 +69,20 @@ case ${YN} in
 ${NAME})
 	ARGS="upgrade ${NAME}"
 	;;
+[sS])
+	echo
+	/usr/local/opnsense/scripts/firmware/launcher.sh security
+	echo
+	read -p "Press any key to return to menu." WAIT
+	exit 0
+	;;
+[hH])
+	echo
+	/usr/local/opnsense/scripts/firmware/launcher.sh health
+	echo
+	read -p "Press any key to return to menu." WAIT
+	exit 0
+	;;
 *)
 	exit 0
 	;;