 @@ -1,16 +1,16 @@
 #!/bin/sh -
+#
-#	$NetBSD: security,v 1.125 2019/09/18 22:27:55 uwe Exp $
+#	$NetBSD: security,v 1.126 2019/12/06 14:43:30 riastradh Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
+#
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 rcvar_manpage='security.conf(5)'
 if [ -f /etc/rc.subr ]; then
 	. /etc/rc.subr
 else
 	echo "Can't read /etc/rc.subr; aborting."
 	exit 1;
 fi
 @@ -1039,26 +1039,33 @@ if checkyesno check_changelist ; then
 				# ... expand possible files
+				#
 			ls -1d $file 2>/dev/null
 			;;
 		*)
 				# Otherwise, just print the filename
 			echo $file
 			;;
 		esac
 	done >> $CHANGEFILES
 	CHANGELIST="$CHANGEFILES $CHANGELIST"
 fi
 # Save entropy to ${random_file} if defined, like
 # /etc/rc.d/random_seed.
+#
 if [ -n "${random_file:-}" ]; then
 	rndctl -S "$random_file"
 fi
 # Special case backups, including the master password file and
 # ssh private host keys. The normal backup mechanisms for
 # $check_changelist (see below) also print out the actual file
 # differences and we don't want to do that for these files
+#
 echo $MP > $TMP1			# always add /etc/master.passwd
 mtree -D -k type -f $SPECIALSPEC -I nodiff |
     sed '/^type=file/!d ; s/type=file \.//' | unvis >> $TMP1
 grep -v '^$' $TMP1 | sort -u > $TMP2
 while read file; do
 	backup_and_diff "$file" no
 done < $TMP2

 @@ -1,14 +1,14 @@
-#	$NetBSD: security.conf,v 1.26 2013/11/06 19:37:05 spz Exp $
+#	$NetBSD: security.conf,v 1.27 2019/12/06 14:43:29 riastradh Exp $
+#
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
+#
 # see security.conf(5) for more information.
+#
 # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
 # EDIT /etc/security.conf INSTEAD.
+#
 check_passwd=YES
 check_group=YES
 check_rootdotfiles=YES
 @@ -36,13 +36,15 @@ check_homes_permit_other_owner=""
 check_devices_ignore_fstypes="!local fdesc kernfs null procfs ptyfs ntfs msdos"
 check_devices_ignore_paths=""
 check_mtree_follow_symlinks=NO
 check_passwd_nowarn_shells="/sbin/nologin"
 check_passwd_nowarn_users=""
 check_passwd_permit_dups="toor"
 check_passwd_permit_star=NO
 check_passwd_permit_nonalpha=NO
 max_loginlen=16
 max_grouplen=16
 random_file=/var/db/entropy-file

 @@ -1,14 +1,14 @@
-.\"	$NetBSD: security.conf.5,v 1.40 2013/11/06 19:37:06 spz Exp $
+.\"	$NetBSD: security.conf.5,v 1.41 2019/12/06 14:43:30 riastradh Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 @@ -272,26 +272,37 @@ instead.
 If defined, points to the location of the packages database.
 Defaults to
 .Pa /var/db/pkg .
 .It Sy backup_uses_rcs
 Use
 .Xr rcs 1
 for maintaining backup copies of files noted in
 .Sy check_devices ,
 .Sy check_disklabels ,
 .Sy check_pkgs ,
 and
 .Sy check_changelist
 instead of just keeping a current copy and a backup copy.
 .It Sy random_file
 Name of the entropy seed file used at boot.
 Default is
 .Pa /var/db/entropy-file
 as used by
 .Pa /etc/rc.d/random_seed .
 Set
 .Sy random_file
 to empty to disable saving a seed every time
 .Pa /etc/security
 runs.
 .El
 .Sh FILES
 .Bl -tag -width /etc/defaults/security.conf -compact
 .It Pa /etc/defaults/security.conf
 defaults for /etc/security.conf
 .It Pa /etc/security
 daily security check script
 .It Pa /etc/security.conf
 daily security check configuration
 .It Pa /etc/security.local
 local site additions to
 .Pa /etc/security
 .El