I have just committed changes to how the daily security checks are done in -CURRENT. Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable.
However, like any change, there may be some problems making the transition to the new system. If you are using the default /etc/security, the change will be transparent. Next time you update, mergemaster(8) will take care of everything for you. Note that /etc/security will no longer be used in any way, it can safely be removed. If you have local customizations to /etc/security, the best thing to do and the ultimate way to fix things "properly" is to break out the customizations into small scripts and drop the scripts into /usr/local/etc/periodic/security. Make sure the scripts are set executable and ls(1) in the order you wish them to execute. If your customizations are separate from the actions in the default /etc/security, this is all you need to do. If you have made customizations to actions in /etc/security, drop your customized script into /usr/local/etc/periodic/security, and then deactivate the default script with the same action by placing the appropriate, daily_status_security_<script>_enable="NO" In your /etc/periodic.conf. See periodic(8) for details on how the system works. For those who do not have the time to do this the really quick work around is, mkdir -p /usr/local/etc/periodic/security # mv /etc/security /usr/local/etc/periodic/security # chmod 755 /usr/local/etc/periodic/security/security # cat >> /etc/periodic.conf <<EOF daily_status_security_chksetuid_enable="NO" daily_status_security_chkmounts_enable="NO" daily_status_security_chkuid0_enable="NO" daily_status_security_passwdless_enable="NO" daily_status_security_ipfwdenied_enable="NO" daily_status_security_ipfwlimit_enable="NO" daily_status_security_ip6fwdenied_enable="NO" daily_status_security_ip6fwlimit_enable="NO" daily_status_security_kernelmsg_enable="NO" daily_status_security_loginfail_enable="NO" daily_status_security_tcpwrap_enable="NO" EOF And everything should work (prett much) fine... EXCEPT the use of the 'daily_status_security_noamd' setting will be broken (but it does work in the new periodic(8) scripts). Please report any problems, but I'd really like to not get my first pointy-hat award out of this. -- "It's always funny until someone gets hurt. Then it's hilarious." Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/ | [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message