Date: Sat, 11 Jun 2016 16:07:08 +0200
From: Michael Gmelin <freebsd@grem.de>
To: abi <abi@abinet.ru>
Cc: freebsd-ports@freebsd.org
Subject: Re: Jail's emails
Message-ID: <FFBE170C-A46C-4F7B-9731-F98B2FB64114@grem.de>
In-Reply-To: <575C0BD2.1090302@abinet.ru>
References: <a917ff9b-b0af-d14b-0374-c621fc6ce809@gjunka.com> <575C0BD2.1090302@abinet.ru>

> On 11 Jun 2016, at 15:02, abi <abi@abinet.ru> wrote:
>
> Most of work is done by host, so the plan is to disable some of periodic stuff, leaving only serious matters like port security.
>
> This can be done by creating /etc/periodic.conf.local file with contents like this:
> ## This is JAILED systems periodic configuration ##
>
> # Daily options
>
> daily_status_network_enable="NO"
> daily_clean_hoststat_enable="NO"
> daily_status_mail_rejects_enable="NO"
> daily_status_include_submit_mailq="NO"
> daily_status_mailq_enable="NO"
> daily_submit_queuerun="NO"
> daily_status_disks_enable="NO" # Check disk status
> daily_status_rwho_enable="NO"
> daily_status_security_pkgaudit_enable="YES"
> daily_pgsql_backup_enable="YES"
>
> daily_show_empty_output="NO"
> daily_show_success="NO"
>
> security_status_kernelmsg_enable="NO"
>
> security_show_empty_output="NO"
> security_show_success="NO"
>
> # Weekly options
>
> weekly_whatis_enable="NO" # our jails are read-only /usr
>
> weekly_show_success="NO"
> weekly_show_info="NO"
> weekly_show_empty_output="NO"
>
> With this config files most of the time jail has nothing to report.

You can also install ports-mgmt/jailaudit on the host to audit packages in all jails and get the result in the host's security output (afaik this way individual jails won't have to fetch the audit database).

- m
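
Added example, not part of the original message or of any FreeBSD tool: a host-side check that a jail's /etc/periodic.conf.local, while silencing noisy reports, has not also switched off the package audit knob quoted above. The function names and the sample file are constructed for illustration; the variable name is the one from the quoted configuration.

```shell
#!/bin/sh
# Added example: audit a jail's periodic.conf.local from the host.
# The file is parsed as text and never sourced: periodic.conf files are
# shell fragments, and a jail-controlled one must not run on the host.
# Simplification: a '#' inside a quoted value is treated as a comment.

# Print name=value for the last assignment of each variable in file $1.
effective_settings() {
    awk '
        { sub(/[ \t]*#.*$/, "") }
        match($0, /^[ \t]*[A-Za-z0-9_]+=/) {
            name = substr($0, RSTART, RLENGTH - 1); gsub(/[ \t]/, "", name)
            val = substr($0, RLENGTH + 1)
            sub(/^"/, "", val); sub(/"?[ \t]*$/, "", val)
            if (!(name in seen)) order[++n] = name
            seen[name] = val
        }
        END { for (i = 1; i <= n; i++) print order[i] "=" seen[order[i]] }
    ' "$1"
}
# Effective value of variable $2 in file $1 (empty if unset).
setting() { effective_settings "$1" | sed -n "s/^$2=//p"; }

# 0: package audit enabled; 1: disabled; 2: not set in this file,
# so whatever the defaults say applies.
check_pkgaudit() {
    case "$(setting "$1" daily_status_security_pkgaudit_enable)" in
        [Yy][Ee][Ss]) return 0 ;;
        "")           return 2 ;;
        *)            return 1 ;;
    esac
}
# Every *_enable knob the file leaves switched off, one per line.
disabled_knobs() { effective_settings "$1" | sed -n 's/^\(.*_enable\)=[Nn][Oo]$/\1/p'; }

# Constructed sample: a subset of the quoted settings, plus a later
# override that silently turns the package audit off.
write_sample() {
    cat > "$1" <<'EOF'
daily_status_network_enable="NO"
daily_status_disks_enable="NO"   # Check disk status
daily_status_security_pkgaudit_enable="YES"
daily_show_success="NO"
weekly_whatis_enable="NO" # our jails are read-only /usr
daily_status_security_pkgaudit_enable="NO"
EOF
}
f=$(mktemp) && write_sample "$f"
check_pkgaudit "$f" || echo "pkgaudit not enabled (rc=$?)"
disabled_knobs "$f"; rm -f "$f"
```

If package auditing is moved to the host with ports-mgmt/jailaudit as suggested above, a non-zero result here is expected rather than a finding.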