conf/178611: [patch] daily_status_security_inline broken in 450.status-security

Jason Unovitch jason.unovitch at gmail.com
Tue May 14 04:40:00 UTC 2013


>Number:         178611
>Category:       conf
>Synopsis:       [patch] daily_status_security_inline broken in 450.status-security
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 14 04:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Jason Unovitch
>Release:        FreeBSD 9.1-RELEASE
>Organization:
N/A
>Environment:
FreeBSD xts-bsd 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

# $FreeBSD: release/9.1.0/etc/periodic/daily/450.status-security 221432 2011-05-04 12:48:02Z netchild $
>Description:
The current /etc/periodic/daily/450.status-security combines two 'case' statements together, resulting in the second case statement being passed when daily_status_security_inline="YES".  When daily_show_success="NO", this will also result in the security report vanishing rather than showing up as intended by the "") rc=3;; statement in the script.

See discussion here for more details and a more detailed breakdown.
http://forums.freebsd.org/showthread.php?t=39113
>How-To-Repeat:
echo 'daily_show_success="NO"' >> /etc/periodic.conf
echo 'daily_status_security_inline="YES"' >> /etc/periodic.conf
periodic daily
>Fix:
Apply attached patch file or update as follows.


#!/bin/sh
#
# $FreeBSD: release/9.1.0/etc/periodic/daily/450.status-security 221432 2011-05-04 12:48:02Z netchild $
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

case "$daily_status_security_enable" in
    [Yy][Ee][Ss])
        echo ""
        echo "Security check:"

        case "$daily_status_security_inline" in
            [Yy][Ee][Ss])
                export security_output="";;
            *)
                export security_output="${daily_status_security_output}";;
        esac

        case "$security_output" in
            "")
                rc=3;;
            /*)
                echo "    (output logged separately)"
                rc=0;;
            *)
                echo "    (output mailed separately)"
                rc=0;;
        esac

        periodic security || rc=3;;

    *)  rc=0;;
esac

# Hand rc back to periodic(8); without this the values set above are never used.
exit $rc

Patch attached with submission follows:

--- /root/450.status-security.20130508	2013-05-09 06:09:24.000000000 +0000
+++ /etc/periodic/daily/450.status-security	2013-05-12 05:09:34.000000000 +0000
@@ -20,17 +20,18 @@
 	    [Yy][Ee][Ss])
 		export security_output="";;
 	    *)
-		export security_output="${daily_status_security_output}"
-		case "${daily_status_security_output}" in
-		    "")
-			rc=3;;
-		    /*)
-			echo "    (output logged separately)"
-			rc=0;;
-		    *)
-			echo "    (output mailed separately)"
-			rc=0;;
-		esac;;
+		export security_output="${daily_status_security_output}";;
+	esac
+
+	case "$security_output" in
+	    "")
+		rc=3;;
+	    /*)
+		echo "    (output logged separately)"
+		rc=0;;
+	    *)
+		echo "    (output mailed separately)"
+		rc=0;;
 	esac
 
 	periodic security || rc=3;;
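
Review bot: The new `"")` arm of `case "$security_output"` now fires in two different situations, inline mode (which sets security_output="" a few lines above) and an empty daily_status_security_output, and rc=3 there carries no comment saying why. A one-line comment above that arm stating that rc=3 is deliberate, so the inline security output is not suppressed, would keep a later cleanup from re-nesting the two case statements. Minor style point: the added test uses "$security_output" while the neighbouring lines use the braced form "${daily_status_security_output}".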


>Release-Note:
>Audit-Trail:
>Unformatted:
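
The failure mode described in this report, as an added example that is not part of the original submission or of the FreeBSD script: it models only the rc logic before and after the patch. `run_security` is a hypothetical stand-in for `periodic security`, the settings in the loop are constructed, and the two "(output ... separately)" arms are merged because both set rc=0.

```shell
#!/bin/sh
# Added illustration: models only the rc handling of 450.status-security.

# Hypothetical stand-in for `periodic security`; assumed to succeed.
run_security() { return 0; }

# rc as left by the unpatched script (second case nested in the *) arm).
# $1 = daily_status_security_inline, $2 = daily_status_security_output
rc_before() {
    unset rc
    case "$1" in
        [Yy][Ee][Ss])
            security_output="";;          # inner case is never reached
        *)
            security_output="$2"
            case "$2" in
                "") rc=3;;
                *)  rc=0;;                # echo lines omitted
            esac;;
    esac
    run_security || rc=3
    echo "${rc:-unset}"
}

# rc as left by the patched script (second case runs for every setting).
rc_after() {
    unset rc
    case "$1" in
        [Yy][Ee][Ss]) security_output="";;
        *)            security_output="$2";;
    esac
    case "$security_output" in
        "") rc=3;;
        *)  rc=0;;                        # echo lines omitted
    esac
    run_security || rc=3
    echo "${rc:-unset}"
}

# Constructed sample settings: inline value, then output destination.
for combo in "YES:root" "NO:root" "NO:/var/log/security.log" "NO:"; do
    inline=${combo%%:*}; output=${combo#*:}
    printf 'inline=%-3s output=%-24s before=%-5s after=%s\n' "$inline" \
        "'$output'" "$(rc_before "$inline" "$output")" "$(rc_after "$inline" "$output")"
done
```

Only the inline=YES row differs: the unpatched logic leaves rc unset, while the patched logic reaches the `"") rc=3` arm the description refers to.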

