Subject: bin/17249: /etc/daily sends always /etc/security's actually empty report
To: None <gnats-bugs@gnats.netbsd.org>
From: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
List: netbsd-bugs
Date: 06/14/2002 02:17:06
>Number:         17249
>Category:       bin
>Synopsis:       /etc/daily sends always /etc/security's actually empty report
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 13 10:18:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Takahiro Kambe
>Release:        NetBSD 1.6_BETA1
>Organization:
	
>Environment:
	
	
System: NetBSD edge.sky.yamashina.kyoto.jp 1.6_BETA1 NetBSD 1.6_BETA1 (FIVA20X) #145: Sat Jun 8 14:34:16 JST 2002 taca@edge.sky.yamashina.kyoto.jp:/usr/src/sys/arch/i386/compile/FIVA20X i386
Architecture: i386
Machine: i386
>Description:
	/etc/daily always sends /etc/security's actually empty report,
	which contains "Nothing to report on <date>".

	If there is nothing to report, a busy administrator may want to
	receive a single mail from /etc/daily.
>How-To-Repeat:
	
>Fix:
	With this patch and always_report_security set to "YES",
	/etc/daily changes how it processes /etc/security's output.

	(1) If /etc/security produces no output, then it prints
	    "Nothing to report on <date>" as its output.  So, a single
	    mail will be sent for /etc/daily.

	(2) If /etc/security produces some output, then /etc/daily
	    processes it as before; two mails (/etc/daily and /etc/security)
	    would be sent.
	
	always_report_security's default value is "NO" and it changes
	nothing, as before.

Index: etc/defaults/daily.conf
===================================================================
retrieving revision 1.1.1.3
retrieving revision 1.1.4.2.2.1
diff -u -r1.1.1.3 -r1.1.4.2.2.1
--- etc/defaults/daily.conf	2002/06/02 11:18:45	1.1.1.3
+++ etc/defaults/daily.conf	2002/06/11 08:14:43	1.1.4.2.2.1
@@ -22,3 +22,4 @@
 run_rdist=YES
 run_security=YES
 run_skeyaudit=YES
+always_report_security=NO
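Review bot: The default always_report_security=NO does not keep the current behaviour once the etc/daily hunk is applied. In that hunk the NO branch is the one that echoes "Nothing to report about security." into the daily output and skips the separate mail, while YES writes the placeholder to the file and mails it as before. Ship YES as the default if existing installations are meant to see no change, or keep NO and state in the report that the default behaviour changes. A one-line comment above the new variable saying what YES and NO select would also help, since the name alone does not make the polarity obvious.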
Index: etc/daily
===================================================================
retrieving revision 1.1.1.4
retrieving revision 1.1.1.2.4.1.2.2
diff -u -r1.1.1.4 -r1.1.1.2.4.1.2.2
--- etc/daily	2002/06/02 11:18:22	1.1.1.4
+++ etc/daily	2002/06/11 09:06:33	1.1.1.2.4.1.2.2
@@ -225,12 +213,19 @@
 fi
 
 if checkyesno run_security; then
-	SECOUT="$DAILYDIR/sec"
-	sh /etc/security 2>&1 > "$SECOUT"
-	if [ ! -s "$SECOUT" ]; then
-		echo "Nothing to report on $date" > "$SECOUT"
+	SECOUT=$TMPDIR/sec
+	sh /etc/security 2>&1 > $SECOUT
+	if [ ! -s $SECOUT ]; then
+		if checkyesno always_report_security; then
+			echo "Nothing to report on $date" > $SECOUT
+		else
+			echo ""
+			echo "Nothing to report about security."
+		fi
+	fi
+	if [ -s $SECOUT ]; then
+		mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
 	fi
-	mail -s "$host daily insecurity output for $date" $MAILTO < "$SECOUT"
 fi
 
 if checkyesno run_skeyaudit; then
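Review bot: The checkyesno always_report_security test in the empty-output branch has the opposite polarity to the >Fix: text. With YES the placeholder "Nothing to report on $date" is written to $SECOUT and the following [ -s $SECOUT ] test mails it (two mails, the old behaviour); with NO the text is echoed into the daily output and no separate mail is sent. Decide which meaning is intended and make the description and the default in etc/defaults/daily.conf agree with it. Separately, the added lines drop the double quotes that the removed lines had around "$SECOUT" and move the file from $DAILYDIR/sec to $TMPDIR/sec, and neither change is needed for this feature. Keep "$SECOUT" quoted in the redirections, the [ -s ... ] tests and the mail command, and either leave the path alone or explain the move: TMPDIR is not set anywhere in the visible lines, and a security report written to a fixed name under a temporary directory deserves a check of who can write there.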
>Release-Note:
>Audit-Trail:
>Unformatted: