From afcf65b56b10fae5fa1ffc17845c0c2fbb24108b Mon Sep 17 00:00:00 2001
From: Brian Somers <brian@FreeBSD.org>
Date: Tue, 30 Jan 2001 10:24:18 +0000
Subject: [PATCH] Allow the output of /etc/security to be logged or mailed to
 different users in line with ${daily,weekly,monthly}_output using a new
 $daily_status_security_output variable.

PR:	24643
---
 etc/defaults/periodic.conf             |  1 +
 etc/periodic/daily/450.status-security | 17 ++++++++++++-----
 share/man/man5/periodic.conf.5         | 15 +++++++++++++--
 3 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index c50d28a8664..f72b1460b2e 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -110,6 +110,7 @@ daily_status_mailq_shorten="NO"				# Shorten output
 # 450.status-security
 daily_status_security_enable="YES"			# Security check
 daily_status_security_inline="NO"			# Run inline ?
+daily_status_security_output="root"			# user or /file
 daily_status_security_noamd="NO"			# Don't check amd mounts
 daily_status_security_nomfs="NO"			# Don't check mfs mounts
 
diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security
index 61fcf8b44cd..4953fbb9c73 100755
--- a/etc/periodic/daily/450.status-security
+++ b/etc/periodic/daily/450.status-security
@@ -30,13 +30,20 @@ case "$daily_status_security_enable" in
 
 	case "$daily_status_security_inline" in
 	    [Yy][Ee][Ss])
-		    sh /etc/security -s $args
-		    rc=$?;;
+		sh /etc/security -s $args
+		rc=$?;;
 
 	    *)
-		    echo "    (output mailed separately)"
-		    sh /etc/security $args 2>&1 |
-			sendmail root && rc=0 || rc=3;;
+		case "${daily_status_security_output:=root}" in
+		    /*)
+			echo "    (output logged separately)"
+			sh /etc/security -s $args \
+			    >$daily_status_security_output 2>&1;;
+		    *)
+			echo "    (output mailed separately)"
+			sh /etc/security $args 2>&1 |
+			    sendmail $daily_status_security_output;;
+		esac;;
 	esac;;
 
     *)  rc=0;;
diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5
index e48d2e30770..74a3937ee7f 100644
--- a/share/man/man5/periodic.conf.5
+++ b/share/man/man5/periodic.conf.5
@@ -359,8 +359,19 @@ if you want to run
 if you want to run
 .Pa /etc/security
 inline.
-The alternative is to run it as a background job, mailing the output to
-.An root .
+The default is to either mail or log the output according to the value of
+.Ar $daily_status_security_output .
+.It Ar daily_status_security_output
+(str) Where to send the output of
+.Pa /etc/security
+if
+.Ar $daily_status_security_inline
+is set to
+.Dq NO .
+This variable behaves in the same way as the
+.Ar *_output
+variables above, namely it can be set either to one or more email addresses
+or to an absolute file name.
 .It Ar daily_status_security_noamd
 (bool) Set to
 .Dq YES