Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's

some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf). Fixes PR 12267.
2001-03-15 02:23:47 +00:00 · 2001-03-15 02:23:47 +00:00 · efc93d040b
parent 154b1d1121
commit efc93d040b
4 changed files with 7 additions and 19 deletions
--- a/etc/defaults/security.conf
+++ b/etc/defaults/security.conf
@ -1,4 +1,4 @@
-#	$NetBSD: security.conf,v 1.4 2001/02/11 09:55:09 jdolecek Exp $
+#	$NetBSD: security.conf,v 1.5 2001/03/15 02:23:48 hubertf Exp $
 #
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
@ -23,8 +23,6 @@ check_mtree=YES
 check_disklabels=YES
 check_changelist=YES

-run_skeyaudit=YES
-
 backup_dir=/var/backups

 max_loginlen=8
--- a/etc/security
+++ b/etc/security
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.50 2001/03/12 16:48:13 atatat Exp $
+#	$NetBSD: security,v 1.51 2001/03/15 02:23:47 hubertf Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #

@ -710,12 +710,6 @@ if [ -n "$CHANGELIST" ]; then
 	done
 fi

-# run skeyaudit to inform users of ready to expire S/Keys
-#
-if checkyesno run_skeyaudit; then
-	skeyaudit
-fi
-
 if [ -f /etc/security.local ]; then
 	echo ""
 	echo "Running /etc/security.local:"
--- a/share/man/man5/daily.conf.5
+++ b/share/man/man5/daily.conf.5
@ -1,4 +1,4 @@
-.\"	$NetBSD: daily.conf.5,v 1.7 2000/11/17 10:14:17 lukem Exp $
+.\"	$NetBSD: daily.conf.5,v 1.8 2001/03/15 02:23:48 hubertf Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@ -112,9 +112,10 @@ This runs the
 .Pa /etc/security
 script looking for possible security problems with the system.
 .It Sy run_skeyaudit
-This runs
+Runs the
 .Xr skeyaudit 8
-to notify any s/key OTP users when they are low on remaining keys.
+program to check the S/Key database and informs users of S/Keys that
+are about to expire.
 .El
 .Pp
 .Sh FILES
--- a/share/man/man5/security.conf.5
+++ b/share/man/man5/security.conf.5
@ -1,4 +1,4 @@
-.\"	$NetBSD: security.conf.5,v 1.11 2001/02/11 09:55:09 jdolecek Exp $
+.\"	$NetBSD: security.conf.5,v 1.12 2001/03/15 02:23:48 hubertf Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@ -104,11 +104,6 @@ and their backups in
 and 
 .Pa /var/backups/file.backup ,
 and displays any differences found.
-.It Sy run_skeyaudit
-The
-.Xr skeyaudit 1
-program checks the S/Key database and informs users of S/Keys that
-are about to expire.
 .El
 .Pp
 The variables described below can be set to modify the tests: