Re: Periodic scripts [Was: Re: /etc/security - /etc/periodic/security?]
Hello all, Will we be seeing a move in this direction towards a more configurable security script? Is anyone planning it? What about a configuration language? On Thu, 29 Jun 2000, Konstantin Chuguev wrote: IMO, introducing a sort of silent mode to these periodic scripts would help sysadmins. The idea is as follows: [...] I've been using the tool Cfengine lately, and I am surprised that it's not more standard in the BSD family (++). Why bother with complex shell scripts when you can have most needed functionality in a single C program? I've found myself replacing 10-20 lines of shell code with a single line. Remember that shell scripts involve all shorts of small utilities, and have to fork and play with memory space quite much, many times. I'd like to hear other people's ideas on this, because I'm in an effort to replace them anyway... Please, keep me cc. cheers, Fotis -- The statistician drowned in a lake averaging only 2 feet in depth. Fotis Georgatos [EMAIL PROTECTED], nic-hdl: FMG21-RIPE To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Periodic scripts [Was: Re: /etc/security - /etc/periodic/security ?]
In message [EMAIL PROTECTED], Nick Rognes s writes: On Fri, 30 Jun 2000, Fotis Georgatos wrote: Why bother with complex shell scripts when you can have most needed functionality in a single C program? I've found myself replacing 10-20 lines of shell code with a single line. WHAT? Are you crazy? I've found just the opposite. What shell scripting are you using? Example to find # of duplicate usernames in your password file: #!/usr/local/bin/ksh VAR1=`awk -F: '{print $1}' /etc/passwd|grep -cx $1` print "Number of occurences of $1 in /etc/passwd: $VAR1" Let me see you replicate that in C in less than 2 lines... Nick, I can do it in one line, but it will suck style wise because I cannot use #includes. Can we stop this pissing contest now before anybody starts flouting APL single-liners ? Thanks. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD coreteam member | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Periodic scripts [Was: Re: /etc/security - /etc/periodic/security ?]
James Howard wrote: Will we be seeing a move in this direction towards a more configurable security script? Is anyone planning it? I am porting the scripts to Linux and will hold off on security if nothing is being planned or make the changes myself. I just do not want to duplicate efforts. I have administered quite a big network of FreeBSD servers and routers for more than 3 years. These periodic scripts are one of the most attractive features for a sysadmin/netadmin in FreeBSD. I really enjoyed just reading a few dozens messages from my FreeBSD boxes every morning, telling me about problems or that everything is all right. Fortunately, all right was much more often :-) Unfortunately, the OK-messages are of the same size as any alerts, so one needs to read them carefully to notice any suspicious conditions. IMO, introducing a sort of silent mode to these periodic scripts would help sysadmins. The idea is as follows: At present there are groups of scripts (daily, weekly, monthly, security) that write their reports to one email message per group. Often that message consists just of OK or empty lines from every script. In the silent mode, scripts produce no output in case of success (each script knows its success condition itself). Or they can output something, but then they should return the 0 result code for success, non-zero otherwise. A meta-script (periodic) intercepts their output, waits for their results and sends the output to mail agent only if the results are non-zero. If all scripts finished successfully, the meta-script can send just one line (or even empty message, indicating that everything is OK) to a sysadmin. The silent mode could be enabled in rc.conf for instance... Your suggestions? Regards, Konstantin. -- * *Konstantin Chuguev - Application Engineer * * Francis House, 112 Hills Road * Cambridge CB2 1PQ, United Kingdom D A N T E WWW:http://www.dante.net To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Periodic scripts [Was: Re: /etc/security - /etc/periodic/security ?]
On Thu, Jun 29, 2000 at 05:30:24PM +0100, Konstantin Chuguev wrote: IMO, introducing a sort of silent mode to these periodic scripts would help sysadmins. [snip] Your suggestions? As far as I'm concerned, this would greatly increase the utility of these scripts. I would love to see this happen. -- Ben 220 go.ahead.make.my.day ESMTP Postfix To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message