svn commit: r254974 - in head: etc/defaults etc/periodic/monthly etc/periodic/security etc/periodic/weekly share/man/man5
Jeremie Le Hen
jlh at FreeBSD.org
Tue Aug 27 21:31:59 UTC 2013
On Tue, Aug 27, 2013 at 09:20:29PM +0000, Jeremie Le Hen wrote:
> Author: jlh
> Date: Tue Aug 27 21:20:28 2013
> New Revision: 254974
> URL: http://svnweb.freebsd.org/changeset/base/254974
>
> Log:
> Make the period of each periodic security script configurable.
>
> There are now six additional variables
> weekly_status_security_enable
> weekly_status_security_inline
> weekly_status_security_output
> monthly_status_security_enable
> monthly_status_security_inline
> monthly_status_security_output
> alongside their existing daily counterparts. They all have the same
> default values.
>
> All other "daily_status_security_${scriptname}_${whatever}"
> variables have been renamed to "security_status_${name}_${whatever}".
> A compatibility shim has been introduced for the old variable names,
> which we will be able to remove in 11.0-RELEASE.
>
> "security_status_${name}_enable" is still a boolean but a new
> "security_status_${name}_period" allows to define the period of
> each script. The value is one of "daily" (the default for backward
> compatibility), "weekly", "monthly" and "NO".
>
> Note that when the security periodic scripts are run directly from
> crontab(5) (as opposed to being called by daily or weekly periodic
> scripts), they will run unless the test is explicitely disabled with a
> "NO", either for in the "_enable" or the "_period" variable.
>
> When the security output is not inlined, the mail subject has been
> changed from "$host $arg run output" to "$host $arg $period run output".
> For instance:
> myfbsd security run output -> myfbsd security daily run output
> I don't think this is considered as a stable API, but feel free to
> correct me if I'm wrong.
>
> Finally, I will rearrange periodic.conf(5) and default/periodic.conf
> to put the security options in their own section. I left them in
> place for this commit to make reviewing easier.
In summary, just add the following lines to periodic.conf(5) to avoid
running those I/O-expensive scripts daily.
security_status_chksetuid_period="weekly"
security_status_neggrpperm_period="weekly"
--
Jeremie Le Hen
Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
More information about the svn-src-head
mailing list