Jail's emails
Michael Gmelin
freebsd at grem.de
Sat Jun 11 14:13:59 UTC 2016
> On 11 Jun 2016, at 15:02, abi <abi at abinet.ru> wrote:
>
> Most of work is done by host, so the plan is to disable some of periodic stuff, leaving only serious matters like port security.
>
> This can be done by creating /etc/periodic.conf.local file with contents like this:
> ## This is JAILED systems periodic configuration ##
>
> # Daily options
>
> daily_status_network_enable="NO"
> daily_clean_hoststat_enable="NO"
> daily_status_mail_rejects_enable="NO"
> daily_status_include_submit_mailq="NO"
> daily_status_mailq_enable="NO"
> daily_submit_queuerun="NO"
> daily_status_disks_enable="NO" # Check disk status
> daily_status_rwho_enable="NO"
> daily_status_security_pkgaudit_enable="YES"
> daily_pgsql_backup_enable="YES"
>
> daily_show_empty_output="NO"
> daily_show_success="NO"
>
> security_status_kernelmsg_enable="NO"
>
> security_show_empty_output="NO"
> security_show_success="NO"
>
> # Weekly options
>
> weekly_whatis_enable="NO" # our jails are read-only /usr
>
> weekly_show_success="NO"
> weekly_show_info="NO"
> weekly_show_empty_output="NO"
>
> With this config files most of the time jail has nothing to report.
You can also install ports-mgmt/jailaudit on the host to audit packages in all jails and get the result in the host's security output (afaik this way individual jails won't have to fetch the audit database).
- m
More information about the freebsd-ports
mailing list