svn commit: r300356 - in head: etc/defaults usr.sbin/periodic

[Alan Somers]

Author: asomers
Date: Sat May 21 02:14:11 2016
New Revision: 300356
URL: https://svnweb.freebsd.org/changeset/base/300356

Log:
  Better document security_show_{success,info,badconfig} in /etc/periodic.conf
  
  periodic(8) already handles the security_show_{success,info,badconfig}
  variables correctly. However, those variables aren't explicitly set in
  /etc/defaults/periodic.conf or anywhere else, which suggests to the user
  that they shouldn't be used.
  
  etc/defaults/periodic.conf
  	Explicitly set defaults for security_show_{success,info,badconfig}
  
  usr.sbin/periodic/periodic.sh
  	Update usage string
  
  usr.sbin/periodic/periodic.8
  	Minor man page updates
  
  One thing I'm _not_ doing is recommending setting security_output to
  /var/log/security.log or adding that file to /etc/newsyslog.conf, because
  periodic(8) would create it with default permissions, usually 644, and
  that's probably a bad idea.
  
  Reviewed by:	brd
  MFC after:	4 weeks
  Sponsored by:	Spectra Logic Corp
  Differential Revision:	https://reviews.freebsd.org/D6477

Modified:
  head/etc/defaults/periodic.conf
  head/usr.sbin/periodic/periodic.8
  head/usr.sbin/periodic/periodic.sh

Modified: head/etc/defaults/periodic.conf
==============================================================================
--- head/etc/defaults/periodic.conf	Sat May 21 01:35:48 2016	(r300355)
+++ head/etc/defaults/periodic.conf	Sat May 21 02:14:11 2016	(r300356)
@@ -222,6 +222,10 @@ monthly_local="/etc/monthly.local"			# L
 
 # Security options
 
+security_show_success="YES"				# scripts returning 0
+security_show_info="YES"				# scripts returning 1
+security_show_badconfig="NO"				# scripts returning 2
+
 # These options are used by the security periodic(8) scripts spawned in
 # daily and weekly 450.status-security.
 security_status_logdir="/var/log"			# Directory for logs

Modified: head/usr.sbin/periodic/periodic.8
==============================================================================
--- head/usr.sbin/periodic/periodic.8	Sat May 21 01:35:48 2016	(r300355)
+++ head/usr.sbin/periodic/periodic.8	Sat May 21 02:14:11 2016	(r300356)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 30, 2007
+.Dd May 20, 2016
 .Dt PERIODIC 8
 .Os
 .Sh NAME
@@ -166,8 +166,9 @@ table
 the top level directory containing
 .Pa daily ,
 .Pa weekly ,
+.Pa monthly ,
 and
-.Pa monthly
+.Pa security
 subdirectories which contain standard system periodic executables
 .It Pa /etc/defaults/periodic.conf
 the
@@ -175,9 +176,9 @@ the
 system registry contains variables that control the behaviour of
 .Nm
 and the standard
-.Pa daily , weekly ,
+.Pa daily , weekly , monthly ,
 and
-.Pa monthly
+.Pa security
 scripts
 .It Pa /etc/periodic.conf
 this file contains local overrides for the default

Modified: head/usr.sbin/periodic/periodic.sh
==============================================================================
--- head/usr.sbin/periodic/periodic.sh	Sat May 21 01:35:48 2016	(r300355)
+++ head/usr.sbin/periodic/periodic.sh	Sat May 21 02:14:11 2016	(r300356)
@@ -4,13 +4,13 @@
 #
 # Run nightly periodic scripts
 #
-# usage: periodic { daily | weekly | monthly } - run standard periodic scripts
+# usage: periodic { daily | weekly | monthly | security } - run standard scripts
 #        periodic /absolute/path/to/directory  - run periodic scripts in dir
 #
 
 usage () {
     echo "usage: $0 <directory of files to execute>" 1>&2
-    echo "or     $0 { daily | weekly | monthly }"    1>&2
+    echo "or     $0 { daily | weekly | monthly | security }"    1>&2
     exit 1
 }