e2a212c1fb
Previously, 450.status-security would always set rc=3 in inline mode, because it doesn't know whether "periodic security" is going to find anything interesting. But this annoyingly results in daily reports that simply say "Security check: \n\n-- End of daily output --". This change fixes that by testing whether "periodic security" printed anything, and setting 450.status-security's exit status to 3 if it did. An alternative would be to change the exit status of periodic(8) to be the worst of its scripts' exit statuses, but that would be a more intrusive change. Reviewed by: brian MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D10267
48 lines
912 B
Bash
Executable File
48 lines
912 B
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# If there is a global system configuration file, suck it in.
|
|
#
|
|
if [ -r /etc/defaults/periodic.conf ]
|
|
then
|
|
. /etc/defaults/periodic.conf
|
|
source_periodic_confs
|
|
fi
|
|
|
|
case "$daily_status_security_enable" in
|
|
[Yy][Ee][Ss])
|
|
echo ""
|
|
echo "Security check:"
|
|
|
|
case "$daily_status_security_inline" in
|
|
[Yy][Ee][Ss])
|
|
daily_status_security_output="";;
|
|
esac
|
|
|
|
export security_output="${daily_status_security_output}"
|
|
rc=0
|
|
case "${daily_status_security_output}" in
|
|
"")
|
|
if tempfile=`mktemp ${TMPDIR:-/tmp}/450.status-security.XXXXXX`
|
|
then
|
|
periodic security > $tempfile || rc=3
|
|
if [ -s "$tempfile" ]; then
|
|
cat "$tempfile"
|
|
rc=3
|
|
fi
|
|
rm -f "$tempfile"
|
|
fi;;
|
|
/*)
|
|
echo " (output logged separately)"
|
|
periodic security || rc=3;;
|
|
*)
|
|
echo " (output mailed separately)"
|
|
periodic security || rc=3;;
|
|
esac;;
|
|
*) rc=0;;
|
|
esac
|
|
|
|
exit $rc
|