diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index 682692de5950..85f2ee73ede9 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -128,6 +128,7 @@ daily_status_security_inline="NO"			# Run inline ?
 daily_status_security_output="root"			# user or /file
 daily_status_security_noamd="NO"			# Don't check amd mounts
 daily_status_security_logdir="/var/log"			# Directory for logs
+daily_status_security_diff_flags="-b -u"		# flags for diff output
 
 # 100.chksetuid
 daily_status_security_chksetuid_enable="YES"
diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions
index 29c61aa4e392..c5aa3c39be44 100644
--- a/etc/periodic/security/security.functions
+++ b/etc/periodic/security/security.functions
@@ -67,7 +67,8 @@ check_diff() {
     [ $rc -lt 1 ] && rc=1
     echo ""
     echo "${msg}"
-    diff -b ${LOG}/${label}.today ${tmpf} | eval "${filter}"
+    diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \
+	${tmpf} | eval "${filter}"
     mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
     mv ${tmpf} ${LOG}/${label}.today || rc=3
   fi
diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5
index dc6a9b8addfd..1aee8f4ce4b1 100644
--- a/share/man/man5/periodic.conf.5
+++ b/share/man/man5/periodic.conf.5
@@ -439,6 +439,13 @@ This variable behaves in the same way as the
 .Va *_output
 variables above, namely it can be set either to one or more email addresses
 or to an absolute file name.
+.It Va daily_status_security_diff_flags
+.Pq Vt str
+Set to the arguments to pass to the
+.Xr diff 1
+utility when generating differences.
+The default is
+.Fl b Fl u .
 .It Va daily_status_security_chksetuid_enable
 .Pq Vt bool
 Set to
@@ -723,6 +730,7 @@ is shared or distributed.
 .Xr apropos 1 ,
 .Xr calendar 1 ,
 .Xr df 1 ,
+.Xr diff 1 ,
 .Xr gzip 1 ,
 .Xr locate 1 ,
 .Xr man 1 ,