- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Make the period of each periodic security script configurable.

There are now six additional variables
weekly_status_security_enable
weekly_status_security_inline
weekly_status_security_output
monthly_status_security_enable
monthly_status_security_inline
monthly_status_security_output
alongside their existing daily counterparts. They all have the same
default values.

All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.

"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows to define the period of
each script. The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".

Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitely disabled with a
"NO", either for in the "_enable" or the "_period" variable.

When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
myfbsd security run output -> myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.

Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section. I left them in
place for this commit to make reviewing easier.

Reviewed by: hackers@

Rev. 1.8 broke matching on lines where the failure mode is at the head
of the message, such as:
Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1

PR: conf/124569
Submitted by: Taku <taku@tekipaki.jp>

Only match on log messages containing fail,invalid,
bad or illegal. This prevents matching on systems that
have a name that matches the query.

PR: conf/107560
Submitted by: Christian Laursen <cfsl at pil dot dk>
MFC after: 3 days
Approved by: imp (mentor)

Use egrep instead of grep so that reporting of login failures (broken
by revision 1.6) works again. This fix is already in RELENG_6, but was
never committed to HEAD.

Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs

PR: conf/70973
Submitted by: Ryan Sommers" <ryans@gamersimpact.com>
Approved by: philip (mentor)
MFC after: 3 days

Add support for bzip2ed log files.

Make it work with POSIX sort (POS arg).
All old sorts understand -k too.

No need to explicitly check for both cases when using grep -i.

Update login failure checking to check auth.log instead of messages,
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.

Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by: ru
Approved by: ru