freebsd-nq/etc/periodic/daily/450.status-security
Alan Somers e2a212c1fb Quiet 450.status-security when *_inline="YES"
Previously, 450.status-security would always set rc=3 in inline mode,
because it doesn't know whether "periodic security" is going to find
anything interesting. But this annoyingly results in daily reports that
simply say "Security check: \n\n-- End of daily output --".

This change fixes that by testing whether "periodic security" printed
anything, and setting 450.status-security's exit status to 3 if it did. An
alternative would be to change the exit status of periodic(8) to be the
worst of its scripts' exit statuses, but that would be a more intrusive
change.

Reviewed by:	brian
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10267
2017-04-06 01:37:03 +00:00

48 lines
912 B
Bash
Executable File

#!/bin/sh
#
# $FreeBSD$
#
# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_security_enable" in
[Yy][Ee][Ss])
echo ""
echo "Security check:"
case "$daily_status_security_inline" in
[Yy][Ee][Ss])
daily_status_security_output="";;
esac
export security_output="${daily_status_security_output}"
rc=0
case "${daily_status_security_output}" in
"")
if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
then
periodic security > $tempfile || rc=3
if [ -s "$tempfile" ]; then
cat "$tempfile"
rc=3
fi
rm -f "$tempfile"
fi;;
/*)
echo " (output logged separately)"
periodic security || rc=3;;
*)
echo " (output mailed separately)"
periodic security || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc