svn commit: r254974 - in head: etc/defaults etc/periodic/monthly etc/periodic/security etc/periodic/weekly share/man/man5

Jeremie Le Hen jlh at FreeBSD.org
Tue Aug 27 21:31:59 UTC 2013


On Tue, Aug 27, 2013 at 09:20:29PM +0000, Jeremie Le Hen wrote:
> Author: jlh
> Date: Tue Aug 27 21:20:28 2013
> New Revision: 254974
> URL: http://svnweb.freebsd.org/changeset/base/254974
> 
> Log:
>   Make the period of each periodic security script configurable.
>   
>   There are now six additional variables
>     weekly_status_security_enable
>     weekly_status_security_inline
>     weekly_status_security_output
>     monthly_status_security_enable
>     monthly_status_security_inline
>     monthly_status_security_output
>   alongside their existing daily counterparts.  They all have the same
>   default values.
>   
>   All other "daily_status_security_${scriptname}_${whatever}"
>   variables have been renamed to "security_status_${name}_${whatever}".
>   A compatibility shim has been introduced for the old variable names,
>   which we will be able to remove in 11.0-RELEASE.
>   
>   "security_status_${name}_enable" is still a boolean but a new
>   "security_status_${name}_period" allows defining the period of
>   each script.  The value is one of "daily" (the default for backward
>   compatibility), "weekly", "monthly" and "NO".
>   
>   Note that when the security periodic scripts are run directly from
>   crontab(5) (as opposed to being called by daily or weekly periodic
>   scripts), they will run unless the test is explicitly disabled with a
>   "NO", either in the "_enable" or the "_period" variable.
>   
>   When the security output is not inlined, the mail subject has been
>   changed from "$host $arg run output" to "$host $arg $period run output".
>   For instance:
>     myfbsd security run output ->  myfbsd security daily run output
>   I don't think this is considered as a stable API, but feel free to
>   correct me if I'm wrong.
>   
>   Finally, I will rearrange periodic.conf(5) and default/periodic.conf
>   to put the security options in their own section.  I left them in
>   place for this commit to make reviewing easier.

In summary, just add the following lines to periodic.conf(5) to avoid
running those I/O-expensive scripts daily.

    security_status_chksetuid_period="weekly"
    security_status_neggrpperm_period="weekly"

-- 
Jeremie Le Hen

Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
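
The rename rule from the commit log, as an added shell sketch (not part of the commit and not FreeBSD's compatibility shim): it rewrites old "daily_status_security_${name}_*" assignments in periodic.conf text to the new names and leaves the three global daily knobs alone. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: map pre-r254974 periodic.conf variable names to the
# renamed form described in the commit log. Hypothetical helper names.

# new_name VAR: print the renamed variable, or VAR itself if not renamed.
new_name() {
    case "$1" in
        # The global daily knobs keep their names; the commit only gave
        # them weekly/monthly siblings.
        daily_status_security_enable|daily_status_security_inline|daily_status_security_output)
            printf '%s\n' "$1" ;;
        # Per-script variables: daily_status_security_X -> security_status_X
        daily_status_security_*)
            printf 'security_status_%s\n' "${1#daily_status_security_}" ;;
        *)
            printf '%s\n' "$1" ;;
    esac
}

# migrate_conf: read periodic.conf text on stdin, write it to stdout with
# old per-script names rewritten. Comments and other lines pass through.
migrate_conf() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            daily_status_security_*=*)
                var=${line%%=*}        # text before the first '='
                printf '%s=%s\n' "$(new_name "$var")" "${line#*=}" ;;
            *)
                printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample input (not taken from a real system).
sample_conf() {
    cat <<'EOF'
daily_status_security_enable="YES"
daily_status_security_chksetuid_enable="YES"
daily_status_security_neggrpperm_enable="NO"
# a comment
EOF
}

sample_conf | migrate_conf
```

Running the rewritten file through a diff against the original before installing it shows exactly which assignments still depended on the old names.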

