Quiet 450.status-security when *_inline="YES"

Previously, 450.status-security would always set rc=3 in inline mode, because it doesn't know whether "periodic security" is going to find anything interesting. But this annoyingly results in daily reports that simply say "Security check: \n\n-- End of daily output --". This change fixes that by testing whether "periodic security" printed anything, and setting 450.status-security's exit status to 3 if it did. An alternative would be to change the exit status of periodic(8) to be the worst of its scripts' exit statuses, but that would be a more intrusive change. Reviewed by: brian MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D10267
svn path=/head/; revision=316548
2017-04-06 01:37:03 +00:00 · 2017-04-06 01:37:03 +00:00 · e2a212c1fb · 2020-12-20 02:59:44 +00:00
commit e2a212c1fb
parent 2d6ab41dcd
3 changed files with 39 additions and 21 deletions
--- a/etc/periodic/daily/450.status-security
+++ b/etc/periodic/daily/450.status-security
@ -22,19 +22,25 @@ case "$daily_status_security_enable" in
 	esac

 	export security_output="${daily_status_security_output}"
+	rc=0
 	case "${daily_status_security_output}" in
 	    "")
-		rc=3;;
+		if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
+		then
+			periodic security > $tempfile || rc=3
+			if [ -s "$tempfile" ]; then
+				cat "$tempfile"
+				rc=3
+			fi
+			rm -f "$tempfile"
+		fi;;
 	    /*)
 		echo "    (output logged separately)"
-		rc=0;;
+		periodic security || rc=3;;
 	    *)
 		echo "    (output mailed separately)"
-		rc=0;;
-	esac
-
-	periodic security || rc=3;;
-
+		periodic security || rc=3;;
+	esac;;
    *)  rc=0;;
 esac

--- a/etc/periodic/monthly/450.status-security
+++ b/etc/periodic/monthly/450.status-security
@ -22,19 +22,25 @@ case "$monthly_status_security_enable" in
 	esac

 	export security_output="${monthly_status_security_output}"
+	rc=0
 	case "${monthly_status_security_output}" in
 	    "")
-		rc=3;;
+		if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
+		then
+			periodic security > $tempfile || rc=3
+			if [ -s "$tempfile" ]; then
+				cat "$tempfile"
+				rc=3
+			fi
+			rm -f "$tempfile"
+		fi;;
 	    /*)
 		echo "    (output logged separately)"
-		rc=0;;
+		periodic security || rc=3;;
 	    *)
 		echo "    (output mailed separately)"
-		rc=0;;
-	esac
-
-	periodic security || rc=3;;
-
+		periodic security || rc=3;;
+	esac;;
    *)  rc=0;;
 esac

--- a/etc/periodic/weekly/450.status-security
+++ b/etc/periodic/weekly/450.status-security
@ -22,19 +22,25 @@ case "$weekly_status_security_enable" in
 	esac

 	export security_output="${weekly_status_security_output}"
+	rc=0
 	case "${weekly_status_security_output}" in
 	    "")
-		rc=3;;
+		if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
+		then
+			periodic security > $tempfile || rc=3
+			if [ -s "$tempfile" ]; then
+				cat "$tempfile"
+				rc=3
+			fi
+			rm -f "$tempfile"
+		fi;;
 	    /*)
 		echo "    (output logged separately)"
-		rc=0;;
+		periodic security || rc=3;;
 	    *)
 		echo "    (output mailed separately)"
-		rc=0;;
-	esac
-
-	periodic security || rc=3;;
-
+		periodic security || rc=3;;
+	esac;;
    *)  rc=0;;
 esac