Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's
some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf). Fixes PR 12267.
This commit is contained in:
parent
154b1d1121
commit
efc93d040b
@ -1,4 +1,4 @@
|
||||
# $NetBSD: security.conf,v 1.4 2001/02/11 09:55:09 jdolecek Exp $
|
||||
# $NetBSD: security.conf,v 1.5 2001/03/15 02:23:48 hubertf Exp $
|
||||
#
|
||||
# /etc/defaults/security.conf --
|
||||
# default configuration of /etc/security.conf
|
||||
@ -23,8 +23,6 @@ check_mtree=YES
|
||||
check_disklabels=YES
|
||||
check_changelist=YES
|
||||
|
||||
run_skeyaudit=YES
|
||||
|
||||
backup_dir=/var/backups
|
||||
|
||||
max_loginlen=8
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/sh -
|
||||
#
|
||||
# $NetBSD: security,v 1.50 2001/03/12 16:48:13 atatat Exp $
|
||||
# $NetBSD: security,v 1.51 2001/03/15 02:23:47 hubertf Exp $
|
||||
# from: @(#)security 8.1 (Berkeley) 6/9/93
|
||||
#
|
||||
|
||||
@ -710,12 +710,6 @@ if [ -n "$CHANGELIST" ]; then
|
||||
done
|
||||
fi
|
||||
|
||||
# run skeyaudit to inform users of ready to expire S/Keys
|
||||
#
|
||||
if checkyesno run_skeyaudit; then
|
||||
skeyaudit
|
||||
fi
|
||||
|
||||
if [ -f /etc/security.local ]; then
|
||||
echo ""
|
||||
echo "Running /etc/security.local:"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: daily.conf.5,v 1.7 2000/11/17 10:14:17 lukem Exp $
|
||||
.\" $NetBSD: daily.conf.5,v 1.8 2001/03/15 02:23:48 hubertf Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1996 Matthew R. Green
|
||||
.\" All rights reserved.
|
||||
@ -112,9 +112,10 @@ This runs the
|
||||
.Pa /etc/security
|
||||
script looking for possible security problems with the system.
|
||||
.It Sy run_skeyaudit
|
||||
This runs
|
||||
Runs the
|
||||
.Xr skeyaudit 8
|
||||
to notify any s/key OTP users when they are low on remaining keys.
|
||||
program to check the S/Key database and informs users of S/Keys that
|
||||
are about to expire.
|
||||
.El
|
||||
.Pp
|
||||
.Sh FILES
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: security.conf.5,v 1.11 2001/02/11 09:55:09 jdolecek Exp $
|
||||
.\" $NetBSD: security.conf.5,v 1.12 2001/03/15 02:23:48 hubertf Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1996 Matthew R. Green
|
||||
.\" All rights reserved.
|
||||
@ -104,11 +104,6 @@ and their backups in
|
||||
and
|
||||
.Pa /var/backups/file.backup ,
|
||||
and displays any differences found.
|
||||
.It Sy run_skeyaudit
|
||||
The
|
||||
.Xr skeyaudit 1
|
||||
program checks the S/Key database and informs users of S/Keys that
|
||||
are about to expire.
|
||||
.El
|
||||
.Pp
|
||||
The variables described below can be set to modify the tests:
|
||||
|
Loading…
Reference in New Issue
Block a user