Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 30 Aug 2013 12:59:48 +0200 (CEST)
From:      freebsd@omnilan.de
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   conf/181681: periodic inline security output missing with daily_show_success=NO
Message-ID:  <201308301059.r7UAxmK3003988@altair.aquila.inop.dcm1.omnilan.net>
Resent-Message-ID: <201308301110.r7UBA056007099@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         181681
>Category:       conf
>Synopsis:       periodic inline security output missing with daily_show_success=NO
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 30 11:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 9.2-RC3+FP1 amd64
>Organization:
OmniLAN
>Environment:
System: FreeBSD altair.aquila.inop.dcm1.omnilan.net 9.2-RC3+FP1 FreeBSD 9.2-RC3+FP1 #5 r254954M: Tue Aug 27 15:22:39 CEST 2013 admin@preed.labshop.wdn.omnilan.net:/usr/local/share/deploy-tools/obj-amd64/VMWARE/usr/local/share/deploy-tools/RELENG_9_2/src/sys/VMWARE.altair amd64


	
>Description:
	If you don't want to get extra security letters from periodic,
you set daily_status_security_inline="YES" in your periodic.conf.
	If you also don't want to get results from successfull scripts,
you set daily_show_success="NO" in your periodic.conf.

Having this combination leads to no security letter at all, since 
450.status-security script starts security/* scripts and terminates
successfull at the end, regardless if security scripts return with >0.

>How-To-Repeat:
	Set the above described two option in periodic.conf and run 'periodic daily'
>Fix:

--- etc/periodic/daily/450.status-security	2013-08-30 12:35:17.000000000 +0200
+++ etc/periodic/daily/450.status-security	2013-08-30 12:38:21.000000000 +0200
@@ -18,7 +18,11 @@
 
 	case "$daily_status_security_inline" in
 	    [Yy][Ee][Ss])
-		daily_status_security_output="";;
+		daily_status_security_output=""
+		if [ "$daily_show_success" != "[Yy][Ee][Ss]" ]
+		then
+		    rc=1
+		fi;;
 	esac
 
 	export security_output="${daily_status_security_output}"

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308301059.r7UAxmK3003988>