I modified glsa-check a little bit, so that it does not send a mail when the system is not affected by any GLSA. This is when using "glsa-check -m affected". I have to add that I have no clue of Python; I just tried the obvious. With this patch it's possible to use something like emerge --sync && glsa-check -c -m affected on a nightly run to check the systems automatically for affected GLSAs. Would be nice to have this included in a future version.
Created attachment 122900: Patch for glsa-check so that it only sends mail if any glsa affects the system
Sorry for the delay, got sidetracked with several other things at that time and forgot about this one. I'm not sure if this is a good idea or not, as the empty mail is still useful as a problem indicator (no mail => problem).
Yeah, of course. I use the same strategy with backup-jobs. But I don't think that glsa-checks are that critical to fail, since you still have to monitor the overall security of your systems. What's really annoying is if you have a lot of systems, every one sending you an empty, meaningless mail each morning. As another example: I use cron-apt on Debian with the same result.
I just submitted a patch accidentally to a related, but somewhat dissimilar bug: http://bugs.gentoo.org/show_bug.cgi?id=170784
In short: it adds a -e option, which mimics -m, but doesn't send out the e-mail if there is nothing to do. I did it this way rather than modify -m in case people are relying on or like the way -m currently functions.
Created attachment 171302: Indicate empty list in mail subject
Slightly different implementation of the same idea. I prefer to get a mail from my cron job even in the case where there are no vulnerabilities found, just as a heartbeat. This patch changes the subject of the message, so I can delete it quickly without opening it.
Another nice idea. But still, I don't think this scales. How many boxen do you have doing this? If you count 10 or more, do you really notice when one does not send its information? I don't really. Would be better to check that one via your monitoring system. (As in: "Is cron executing jobs?", "Did the nightly emerge --sync run?")
Created attachment 190593: [PATCH] Add quiet option
From: Robert Buchholz <rbu@goodpoint.de>
Date: Thu, 7 May 2009 03:09:46 +0200
Subject: [PATCH] Add quiet option

Incorporate option to quiet down glsa-check, based on a patch by Thilo Bangert <bangert@gentoo.org> in bug #170784. This option will also suppress sending of empty mail, based on a patch by Christian Gut <cycloon@is-root.org> in bug #182990.
gentoolkit-0.2.4.4 and gentoolkit-0.3.0_rc6 released.