From owner-svn-src-all@freebsd.org  Sat May 21 02:14:12 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A54FB437B8;
 Sat, 21 May 2016 02:14:12 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5206811B2;
 Sat, 21 May 2016 02:14:12 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4L2EBiQ046036;
 Sat, 21 May 2016 02:14:11 GMT (envelope-from asomers@FreeBSD.org)
Received: (from asomers@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4L2EBml046033;
 Sat, 21 May 2016 02:14:11 GMT (envelope-from asomers@FreeBSD.org)
Message-Id: <201605210214.u4L2EBml046033@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: asomers set sender to
 asomers@FreeBSD.org using -f
From: Alan Somers <asomers@FreeBSD.org>
Date: Sat, 21 May 2016 02:14:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r300356 - in head: etc/defaults usr.sbin/periodic
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 May 2016 02:14:12 -0000

Author: asomers
Date: Sat May 21 02:14:11 2016
New Revision: 300356
URL: https://svnweb.freebsd.org/changeset/base/300356

Log:
  Better document security_show_{success,info,badconfig} in /etc/periodic.conf
  
  periodic(8) already handles the security_show_{success,info,badconfig}
  variables correctly. However, those variables aren't explicitly set in
  /etc/defaults/periodic.conf or anywhere else, which suggests to the user
  that they shouldn't be used.
  
  etc/defaults/periodic.conf
  	Explicitly set defaults for security_show_{success,info,badconfig}
  
  usr.sbin/periodic/periodic.sh
  	Update usage string
  
  usr.sbin/periodic/periodic.8
  	Minor man page updates
  
  One thing I'm _not_ doing is recommending setting security_output to
  /var/log/security.log or adding that file to /etc/newsyslog.conf, because
  periodic(8) would create it with default permissions, usually 644, and
  that's probably a bad idea.
  
  Reviewed by:	brd
  MFC after:	4 weeks
  Sponsored by:	Spectra Logic Corp
  Differential Revision:	https://reviews.freebsd.org/D6477

Modified:
  head/etc/defaults/periodic.conf
  head/usr.sbin/periodic/periodic.8
  head/usr.sbin/periodic/periodic.sh

Modified: head/etc/defaults/periodic.conf
==============================================================================
--- head/etc/defaults/periodic.conf	Sat May 21 01:35:48 2016	(r300355)
+++ head/etc/defaults/periodic.conf	Sat May 21 02:14:11 2016	(r300356)
@@ -222,6 +222,10 @@ monthly_local="/etc/monthly.local"			# L
 
 # Security options
 
+security_show_success="YES"				# scripts returning 0
+security_show_info="YES"				# scripts returning 1
+security_show_badconfig="NO"				# scripts returning 2
+
 # These options are used by the security periodic(8) scripts spawned in
 # daily and weekly 450.status-security.
 security_status_logdir="/var/log"			# Directory for logs

Modified: head/usr.sbin/periodic/periodic.8
==============================================================================
--- head/usr.sbin/periodic/periodic.8	Sat May 21 01:35:48 2016	(r300355)
+++ head/usr.sbin/periodic/periodic.8	Sat May 21 02:14:11 2016	(r300356)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 30, 2007
+.Dd May 20, 2016
 .Dt PERIODIC 8
 .Os
 .Sh NAME
@@ -166,8 +166,9 @@ table
 the top level directory containing
 .Pa daily ,
 .Pa weekly ,
+.Pa monthly ,
 and
-.Pa monthly
+.Pa security
 subdirectories which contain standard system periodic executables
 .It Pa /etc/defaults/periodic.conf
 the
@@ -175,9 +176,9 @@ the
 system registry contains variables that control the behaviour of
 .Nm
 and the standard
-.Pa daily , weekly ,
+.Pa daily , weekly , monthly ,
 and
-.Pa monthly
+.Pa security
 scripts
 .It Pa /etc/periodic.conf
 this file contains local overrides for the default

Modified: head/usr.sbin/periodic/periodic.sh
==============================================================================
--- head/usr.sbin/periodic/periodic.sh	Sat May 21 01:35:48 2016	(r300355)
+++ head/usr.sbin/periodic/periodic.sh	Sat May 21 02:14:11 2016	(r300356)
@@ -4,13 +4,13 @@
 #
 # Run nightly periodic scripts
 #
-# usage: periodic { daily | weekly | monthly } - run standard periodic scripts
+# usage: periodic { daily | weekly | monthly | security } - run standard scripts
 #        periodic /absolute/path/to/directory  - run periodic scripts in dir
 #
 
 usage () {
     echo "usage: $0 <directory of files to execute>" 1>&2
-    echo "or     $0 { daily | weekly | monthly }"    1>&2
+    echo "or     $0 { daily | weekly | monthly | security }"    1>&2
     exit 1
 }