Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Jul 2016 23:15:54 +0000 (UTC)
From:      Alan Somers <asomers@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r302600 - in stable/10: etc/defaults usr.sbin/periodic
Message-ID:  <201607112315.u6BNFs6H025129@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: asomers
Date: Mon Jul 11 23:15:54 2016
New Revision: 302600
URL: https://svnweb.freebsd.org/changeset/base/302600

Log:
  MFC r300356
  
  Better document security_show_{success,info,badconfig} in /etc/periodic.conf
  
  periodic(8) already handles the security_show_{success,info,badconfig}
  variables correctly. However, those variables aren't explicitly set in
  /etc/defaults/periodic.conf or anywhere else, which suggests to the user
  that they shouldn't be used.
  
  etc/defaults/periodic.conf
          Explicitly set defaults for security_show_{success,info,badconfig}
  
  usr.sbin/periodic/periodic.sh
          Update usage string
  
  usr.sbin/periodic/periodic.8
          Minor man page updates
  
  One thing I'm _not_ doing is recommending setting security_output to
  /var/log/security.log or adding that file to /etc/newsyslog.conf, because
  periodic(8) would create it with default permissions, usually 644, and
  that's probably a bad idea.

Modified:
  stable/10/etc/defaults/periodic.conf
  stable/10/usr.sbin/periodic/periodic.8
  stable/10/usr.sbin/periodic/periodic.sh
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/defaults/periodic.conf
==============================================================================
--- stable/10/etc/defaults/periodic.conf	Mon Jul 11 23:06:11 2016	(r302599)
+++ stable/10/etc/defaults/periodic.conf	Mon Jul 11 23:15:54 2016	(r302600)
@@ -225,6 +225,10 @@ monthly_local="/etc/monthly.local"			# L
 
 # Security options
 
+security_show_success="YES"				# scripts returning 0
+security_show_info="YES"				# scripts returning 1
+security_show_badconfig="NO"				# scripts returning 2
+
 # These options are used by the security periodic(8) scripts spawned in
 # daily and weekly 450.status-security.
 security_status_logdir="/var/log"			# Directory for logs

Modified: stable/10/usr.sbin/periodic/periodic.8
==============================================================================
--- stable/10/usr.sbin/periodic/periodic.8	Mon Jul 11 23:06:11 2016	(r302599)
+++ stable/10/usr.sbin/periodic/periodic.8	Mon Jul 11 23:15:54 2016	(r302600)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 30, 2007
+.Dd May 20, 2016
 .Dt PERIODIC 8
 .Os
 .Sh NAME
@@ -166,8 +166,9 @@ table
 the top level directory containing
 .Pa daily ,
 .Pa weekly ,
+.Pa monthly ,
 and
-.Pa monthly
+.Pa security
 subdirectories which contain standard system periodic executables
 .It Pa /etc/defaults/periodic.conf
 the
@@ -175,9 +176,9 @@ the
 system registry contains variables that control the behaviour of
 .Nm
 and the standard
-.Pa daily , weekly ,
+.Pa daily , weekly , monthly ,
 and
-.Pa monthly
+.Pa security
 scripts
 .It Pa /etc/periodic.conf
 this file contains local overrides for the default

Modified: stable/10/usr.sbin/periodic/periodic.sh
==============================================================================
--- stable/10/usr.sbin/periodic/periodic.sh	Mon Jul 11 23:06:11 2016	(r302599)
+++ stable/10/usr.sbin/periodic/periodic.sh	Mon Jul 11 23:15:54 2016	(r302600)
@@ -4,13 +4,13 @@
 #
 # Run nightly periodic scripts
 #
-# usage: periodic { daily | weekly | monthly } - run standard periodic scripts
+# usage: periodic { daily | weekly | monthly | security } - run standard scripts
 #        periodic /absolute/path/to/directory  - run periodic scripts in dir
 #
 
 usage () {
     echo "usage: $0 <directory of files to execute>" 1>&2
-    echo "or     $0 { daily | weekly | monthly }"    1>&2
+    echo "or     $0 { daily | weekly | monthly | security }"    1>&2
     exit 1
 }
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607112315.u6BNFs6H025129>