conf/178611: [patch] daily_status_security_inline broken in 450.status-security

[Jason Unovitch]

>Number:         178611
>Category:       conf
>Synopsis:       [patch] daily_status_security_inline broken in 
>450.status-security
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 14 04:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Jason Unovitch
>Release:        FreeBSD 9.1-RELEASE
>Organization:
N/A
>Environment:
FreeBSD xts-bsd 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 
UTC 2013     r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  
amd64

# $FreeBSD: release/9.1.0/etc/periodic/daily/450.status-security 221432 
2011-05-04 12:48:02Z netchild $
>Description:
The current /etc/periodic/daily/450.status-security combines two 'case' 
statements together resulting in the second case statement being passed when 
daily_status_security_inline="YES".  When daily_show_success="NO" this will 
also result in the security report vanishing rather than showing up as intended 
by the "") rc=3;; statement in the script.

See discussion here for more details and a more detailed breakdown.
http://forums.freebsd.org/showthread.php?t=39113
>How-To-Repeat:
echo 'daily_show_success="NO"' >> /etc/periodic.conf
echo 'daily_status_security_inline="YES"' >> /etc/periodic.conf
periodic daily
>Fix:
Apply attached patch file or update as follows.


#!/bin/sh
#
# $FreeBSD: release/9.1.0/etc/periodic/daily/450.status-security 221432 
2011-05-04 12:48:02Z netchild $
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

case "$daily_status_security_enable" in
    [Yy][Ee][Ss])
        echo ""
        echo "Security check:"

        case "$daily_status_security_inline" in
            [Yy][Ee][Ss])
                export security_output="";;
            *)
                export security_output="${daily_status_security_output}";;
        esac

        case "$security_output" in
            "")
                rc=3;;
            /*)
                echo "    (output logged separately)"
                rc=0;;
            *)
                echo "    (output mailed separately)"
                rc=0;;
        esac

        periodic security || rc=3;;

    *)  rc=0;;
esac

Patch attached with submission follows:

--- /root/450.status-security.20130508  2013-05-09 06:09:24.000000000 +0000
+++ /etc/periodic/daily/450.status-security     2013-05-12 05:09:34.000000000 
+0000
@@ -20,17 +20,18 @@
            [Yy][Ee][Ss])
                export security_output="";;
            *)
-               export security_output="${daily_status_security_output}"
-               case "${daily_status_security_output}" in
-                   "")
-                       rc=3;;
-                   /*)
-                       echo "    (output logged separately)"
-                       rc=0;;
-                   *)
-                       echo "    (output mailed separately)"
-                       rc=0;;
-               esac;;
+               export security_output="${daily_status_security_output}";;
+       esac
+
+       case "$security_output" in
+           "")
+               rc=3;;
+           /*)
+               echo "    (output logged separately)"
+               rc=0;;
+           *)
+               echo "    (output mailed separately)"
+               rc=0;;
        esac
 
        periodic security || rc=3;;


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"