Date: Sat, 17 Nov 2001 13:44:14 -0800
From: "Crist J. Clark"
To: audit@freebsd.org, security@freebsd.org
Subject: periodic(8)-ifying Daily Security Check
Message-ID: <20011117134414.A66323@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu

I've gone through the /etc/security script and converted it into a bunch of smaller scripts to be run by periodic(8). I think this is one of those things someone has always meant to do, but never gotten around to.

The approach was pretty straightforward. The actions actually taken by /etc/security have not been changed or upgraded, just broken into pieces. Continuing to improve the daily security checks can take place once the new format is in place.

Attached is a modified shell archive. Save it to a file and,

  # sh

To install the new periodic(8)-ified daily security checks. It will patch /etc/defaults/periodic.conf and /etc/periodic/daily/450.status-security. It will then add the new scripts in /etc/periodic/security.
Note that the patch process will leave a 450.status-security.orig in the daily scripts, and _both_ 450.status-security and 450.status-security.orig will be executed by periodic(8). For now, I consider this a debugging feature. Please make sure that the output of the two is the same. If you wish to disable the .orig file, change its permissions so it is not executable.

Also note that /etc/security (and any customizations you may have there) is not touched at all.

I would really appreciate it if a few people would take the time to install these and let them run a few days to make sure they actually work on systems besides mine. The patches and scripts are meant for -CURRENT, but extrapolation to -STABLE is straightforward. If anyone wants -STABLE patches and scripts to test, just say the word.

-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
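
The message above notes that periodic(8) also runs the executable 450.status-security.orig left behind by patch(1). The following is an added example, not part of the original message or of the FreeBSD scripts, that lists such leftovers and clears their execute bits. The function names and the suffixes other than .orig are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): find patch(1)/editor
# leftovers that periodic(8) would still execute because they are executable.

# stray_periodic_scripts DIR...  (hypothetical helper name)
# Prints one path per line for every executable regular file whose name
# ends in .orig, .rej, .bak or ~ (the last three are assumed extras).
# Returns 0 if at least one was found, 1 otherwise.
stray_periodic_scripts() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.orig "$dir"/*.rej "$dir"/*.bak "$dir"/*~; do
            # An unmatched glob stays literal; the -f test filters it out.
            if [ -f "$f" ] && [ -x "$f" ]; then
                printf '%s\n' "$f"
                found=0
            fi
        done
    done
    return $found
}

# disable_stray_periodic_scripts DIR...  (hypothetical helper name)
# Clears the execute bits on each leftover, which is the way the message
# says to disable the .orig file. The files themselves are kept.
disable_stray_periodic_scripts() {
    stray_periodic_scripts "$@" | while IFS= read -r f; do
        chmod a-x "$f" && printf 'disabled %s\n' "$f"
    done
}

# Typical use, once the old and new output have been compared:
#   stray_periodic_scripts /etc/periodic/daily /etc/periodic/security
#   disable_stray_periodic_scripts /etc/periodic/daily
```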