Subject: Re: RFC: securing output of /etc/security
To: Jason White <jdwhite@menelos.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 05/10/2006 11:23:49
On Wed, 10 May 2006 06:00:57 +0000 (UTC), Jason White
<jdwhite@menelos.com> wrote:

> On several occasions I've found that the output of /etc/security contains 
> information that I do not wish to have mailed cleartext.  I've modified 
> /etc/daily to implement a scheme for PGP encrypting the daily insecurity 
> output.  Two new options in /etc/daily.conf enable this functionality:
> 
>   encrypt_security=YES
>   SECURE_RECIPIENTS="jdwhite@menelos.com other@address.org"
> 
> SECURE_RECIPIENTS is a space separated list of PGP/GPG recipient IDs.  GPG is 
> required for this to work.  The root account's keyring must contain the keys 
> defined by SECURE_RECIPIENTS.  In addition, a program called 'mpack' 
> (from converters/mpack) creates a MIME encoded message with the PGP encoded 
> output as an attachment of type application/pgp and sends the message.
> 
> I believe the reliance on mpack could be eliminated and replaced with a 
> series of echo commands to a temp file with the appropriate MIME headers and 
> boundary strings -- the whole thing eventually piped to 'sendmail -t', but 
> it's less elegant than the mpack one-liner.
> 
> I plan to file a PR eventually, but would appreciate feedback on this idea 
> and/or its implementation.

The problem with this scheme is that it creates an (optional) dependency
in the base system on something in pkgsrc.  Let me suggest an alternate
strategy: modify /etc/security to have some standard API to some arbitrary
other program.  Then create a package -- which depends on gnupg and mpack
-- to do what you want.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
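
The mpack-free variant mentioned in the quoted proposal, written as an added example that is not code from either poster or from NetBSD: it builds the MIME message by hand and pipes it to 'sendmail -t', and it sends nothing if encryption fails, so the report never falls back to cleartext. The function names and the GPG/SENDMAIL override variables are hypothetical; SECURE_RECIPIENTS is the option from the proposal.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the GPG/SENDMAIL
# override variables are hypothetical; SECURE_RECIPIENTS is from the proposal.
: "${GPG:=gpg}"
: "${SENDMAIL:=/usr/sbin/sendmail}"

# build_pgp_mime SUBJECT "RCPT ..."   <armored-ciphertext   >message
build_pgp_mime() {
    # "--=_" can never begin an armor line ("-----BEGIN" or base64 text).
    boundary="=_security_$$"
    printf 'To: %s\n' "$(echo $2 | sed 's/ /, /g')"
    printf 'Subject: %s\n' "$1"
    printf 'MIME-Version: 1.0\n'
    printf 'Content-Type: multipart/mixed; boundary="%s"\n\n' "$boundary"
    printf '%s\n' "--$boundary"
    printf 'Content-Type: text/plain; charset=us-ascii\n\n'
    printf 'Encrypted report attached.\n\n'
    printf '%s\n' "--$boundary"
    printf 'Content-Type: application/pgp; name="security.asc"\n'
    printf 'Content-Disposition: attachment; filename="security.asc"\n\n'
    cat                                   # the ciphertext, passed through as-is
    printf '\n%s\n' "--$boundary--"
}

# send_encrypted_report FILE: encrypt FILE to every recipient, then mail it.
# Fails closed: if encryption fails or yields nothing, no mail is sent at all.
send_encrypted_report() {
    rflags=""
    for r in $SECURE_RECIPIENTS; do rflags="$rflags --recipient $r"; done
    [ -n "$rflags" ] || return 1          # no recipients configured
    tmp=$(umask 077; mktemp "${TMPDIR:-/tmp}/security.XXXXXX") || return 1
    if "$GPG" --batch --armor --encrypt $rflags <"$1" >"$tmp" && [ -s "$tmp" ]; then
        build_pgp_mime "daily insecurity output" "$SECURE_RECIPIENTS" <"$tmp" |
            "$SENDMAIL" -t
        rc=$?
    else
        rc=1                              # never fall back to the plaintext
    fi
    rm -f "$tmp"
    return $rc
}
```

A script like this could live in the separate package suggested in the reply, so that the base system's /etc/security only has to hand its output to an external program.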