MFC r320135:

periodic(8): delete trailing whitespace

MFC r300356

Better document security_show_{success,info,badconfig} in /etc/periodic.conf

periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.

etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}

usr.sbin/periodic/periodic.sh
Update usage string

usr.sbin/periodic/periodic.8
Minor man page updates

One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Include the calling context in the mail subject, if any.

More concretely, periodic security scripts defaults to being
called from daily ones -- daily context -- so the mail subject
will now be "${HOST} daily security run output" instead of
"{HOST} security run output".

If you switch the period of some security checks to weekly, you
will receive another email "${HOST} weekly security run output".

Export a PERIODIC environment variable from periodic(8). This will
allow periodic security scripts to know if they have been called in
a daily or a weekly context.

Prevent periodic scripts that run longer than the expected period from
starting up before the previous script finishes. This prevents an
infinite number of them from piling up and slowing a system down.

Since all the refactoring to make this happen required churning the
indenting of most of this file, make the indentation more consistent.

Reviewed by: simon
MFC after: 1 week

Add an option to make periodic(8) quiet when no output was generated.

The man page part of the patch is my fault, the changes to the
periodic script is Dominik's.

PR: 88486
Submitted by: Dominik Brettnacher <domi@saargate.de>
Reviewed by: brian
Approved by: re
MFC after: 1 month

Mention the ``end of output'' for each periodic script.

Submitted by: David Wolfskill <david@catwhisker.org>
PR: 37036
MFC after: 1 week

Properly fix the temporary file creation in the case of multiple
command-line arguments.

Noticed by: dynamo <dynamo@ime.net>

Don't use a trivially predictable temporary filename and keep recreating
it again and again, practically begging the Bad Man to insert his symlink
underneath it and send us down the path to oblivion.

Noticed by: David Lary <dlary@secureworks.net>

Fix a typo

Spotted by: Manfred Antar <null@pozo.com>

Put temporary output in ${TMPDIR:-/tmp}
If $<basedir>_output is not set, don't redirect output

PR: 21395

Don't clobber $? before using it.

Submitted by: James Barkley <jbarkley@wgate.com>

Fix situations where none of the scripts executed produce output,
so that we don't see any more ``null message body, hope that's
ok'' messages.

We now see something like ``No output from the 3 files processed''.

Lump all output for a given periodic argument together so that
people with /usr/local/etc/periodic/daily (for example) will
get the output of those jobs together with the normal daily run
rather than getting a second email.

Prompted by: ben

Another overhaul of the periodic stuff.

All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8). Output may be masked based on variable values in
periodic.conf.

It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.

The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).

PR: 21250

Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf.
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.

Not objected to by: freebsd-arch

Update periodic to use the function source_rc_confs that
/etc/defaults/rc.conf now exports.

export host after setting it.

This is needed so passwd diffs show the hostname instead of
" passwd diffs:"

PR: 17651
Submitted by: Giorgos Keramidas <keramida@ceid.upatras.gr>

$Id$ -> $FreeBSD$

Look in correct rc.conf file.

Submitted by: Kevin Street <street@iname.com

Make periodic(8) and the security mailings reflect the full FQDN, as opposed
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.

PR: bin/9091
Submitted By: Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list

Directories aren't executable.

Submitted by: Dennis Glatting <dennis.glatting@software-munitions.com>
(misc/9147)

Change local_cron to local_periodic.
Submitted by: bde

Use /etc/periodic

Back out the fancy directory sorting, it's more pain that its worth,
and it's there in the CVS repository in case someone things that this
idea is superkeen.

Incorporate some ideas that came up during discussion with msmith.

This commit was generated by cvs2svn to compensate for changes in r28112,
which included commits to RCS files with non-trunk default branches.

Initial import of periodic executable control program.