Re: Daily, weekly, security scripts....
On 2012-05-28 1:25, Garrett Cooper wrote: > Here's a revised patch (based on something I brought up earlier) > that converts periodic over to an rc.subr-like paradigm. > This can be directly applied to HEAD; you will need to backport > r231849 first if you want to apply the patch to 9-STABLE, etc (the > change wasn't MFCed -- not sure why). ', 2 problems: - I run 8.x on most boxes atm. - I'm still an SVN noob, got no further than just to fetch the tree. So I'll need time to catch up on this. --WjW ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Daily, weekly, security scripts....
On 2012-05-24 19:05, Doug Barton wrote: > On 05/24/2012 03:49 AM, Willem Jan Withagen wrote: >> [I looked for a better list to drop this on, but other that freebsd-rc >> nothing seems close.] > > freebsd-rc@ is not appropriate for discussing periodic, as the 2 are > totally unrelated. Hence I dropped it in current. > At this time there is no dedicated maintainer for periodic, so if you > find behavior that you don't like, and you've thoroughly exhausted the > available configuration options, your only recourse is to submit a patch. I have not exhausted all options, because I keep discovering things. And given the long time with FreeBSD, I tend to reexamine man pages to see what people have added and/or documented. So before I start hammering at the scripts, I'll need to go through wat is already there.. Thanx, --WjW ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Daily, weekly, security scripts....
On 05/24/2012 03:49 AM, Willem Jan Withagen wrote: > [I looked for a better list to drop this on, but other that freebsd-rc > nothing seems close.] freebsd-rc@ is not appropriate for discussing periodic, as the 2 are totally unrelated. At this time there is no dedicated maintainer for periodic, so if you find behavior that you don't like, and you've thoroughly exhausted the available configuration options, your only recourse is to submit a patch. hth, Doug ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Daily, weekly, security scripts....
On Thu, May 24, 2012 at 03:29:49PM +0200, Willem Jan Withagen wrote: > On 2012-05-24 14:01, Sergey Kandaurov wrote: > > On 24 May 2012 11:49, Willem Jan Withagen wrote: > >> [I looked for a better list to drop this on, but other that freebsd-rc > >> nothing seems close.] > >> > >> Hi, > >> > >> I nagged about the verbosity of the periodic scripts. > >> But did not give any example. > > [example stripped] > > >> This would call for something like $periodic_quiet?? > >> and then generating the headers only if there was something to report. > > > > Hi, > > you could try to start with: > > > > security_show_success="NO" > > daily_show_success="NO" > > I looked in some of the security scripts and that variable is not used > in the ones I looked into. > > But perhaps in script/tools that does the overall calling of the > /etc/periodic/security/* scripts. Its handled in /usr/sbin/periodic success=YES info=YES badconfig=NO empty_output=YES # Defaults when ${run}_* aren't YES/NO for var in success info badconfig empty_output do case $(eval echo "\$${arg##*/}_show_$var") in [Yy][Ee][Ss]) eval $var=YES;; [Nn][Oo]) eval $var=NO;; esac done Regards, Gary ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Daily, weekly, security scripts....
On 2012-05-24 14:01, Sergey Kandaurov wrote: > On 24 May 2012 11:49, Willem Jan Withagen wrote: >> [I looked for a better list to drop this on, but other that freebsd-rc >> nothing seems close.] >> >> Hi, >> >> I nagged about the verbosity of the periodic scripts. >> But did not give any example. [example stripped] >> This would call for something like $periodic_quiet?? >> and then generating the headers only if there was something to report. > Hi, > you could try to start with: > > security_show_success="NO" > daily_show_success="NO" I looked in some of the security scripts and that variable is not used in the ones I looked into. But perhaps in script/tools that does the overall calling of the /etc/periodic/security/* scripts. --WjW ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Daily, weekly, security scripts....
On 24 May 2012 11:49, Willem Jan Withagen wrote: > [I looked for a better list to drop this on, but other that freebsd-rc > nothing seems close.] > > Hi, > > I nagged about the verbosity of the periodic scripts. > But did not give any example. > > Well I just ran into a perfect example: > -- > Checking setuid files and devices: > > Checking for uids of 0: > root 0 > > Checking for passwordless accounts: > > Checking login.conf permissions: > > Checking for ports with mismatched checksums: > > xx.xx.nl kernel log messages: > +++ /tmp/security.X5WEmRe8 2012-05-24 03:38:58.028927236 +0200 > > xx.xx.nl login failures: > > xx.xx.nl refused connections: > > Checking for a current audit database: > > Database created: Wed May 23 03:45:00 CEST 2012 > > Checking for packages with security vulnerabilities: > > 0 problem(s) in your installed packages found. > > -- End of security output -- > > Which does not really report anything other than the system is healthy. > > Now because of the sheer volume (with about 20+ servers to maintain) > this goes into a seperate bin, which I only check on less busy times. > > Whereas it would go into my active mailbox when I only get allerts on > which I really need to handle. > > This would call for something like $periodic_quiet?? > and then generating the headers only if there was something to report. > > I'd do it myself if only the day had 36 hours... Hi, you could try to start with: security_show_success="NO" daily_show_success="NO" -- wbr, pluknet ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Daily, weekly, security scripts....
[I looked for a better list to drop this on, but other that freebsd-rc nothing seems close.] Hi, I nagged about the verbosity of the periodic scripts. But did not give any example. Well I just ran into a perfect example: -- Checking setuid files and devices: Checking for uids of 0: root 0 Checking for passwordless accounts: Checking login.conf permissions: Checking for ports with mismatched checksums: xx.xx.nl kernel log messages: +++ /tmp/security.X5WEmRe8 2012-05-24 03:38:58.028927236 +0200 xx.xx.nl login failures: xx.xx.nl refused connections: Checking for a current audit database: Database created: Wed May 23 03:45:00 CEST 2012 Checking for packages with security vulnerabilities: 0 problem(s) in your installed packages found. -- End of security output -- Which does not really report anything other than the system is healthy. Now because of the sheer volume (with about 20+ servers to maintain) this goes into a seperate bin, which I only check on less busy times. Whereas it would go into my active mailbox when I only get allerts on which I really need to handle. This would call for something like $periodic_quiet?? and then generating the headers only if there was something to report. I'd do it myself if only the day had 36 hours... --WjW ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"