From: Jeremie Le Hen
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Tue, 27 Aug 2013 23:31:48 +0200
Subject: Re: svn commit: r254974 - in head: etc/defaults etc/periodic/monthly etc/periodic/security etc/periodic/weekly share/man/man5

On Tue, Aug 27, 2013 at 09:20:29PM +0000, Jeremie Le Hen wrote:
> Author: jlh
> Date: Tue Aug 27 21:20:28 2013
> New Revision: 254974
> URL: http://svnweb.freebsd.org/changeset/base/254974
>
> Log:
>   Make the period of each periodic security script configurable.
>
>   There are now six additional variables
>     weekly_status_security_enable
>     weekly_status_security_inline
>     weekly_status_security_output
>     monthly_status_security_enable
>     monthly_status_security_inline
>     monthly_status_security_output
>   alongside their existing daily counterparts.  They all have the same
>   default values.
>
>   All other "daily_status_security_${scriptname}_${whatever}"
>   variables have been renamed to "security_status_${name}_${whatever}".
>   A compatibility shim has been introduced for the old variable names,
>   which we will be able to remove in 11.0-RELEASE.
>
>   "security_status_${name}_enable" is still a boolean but a new
>   "security_status_${name}_period" allows defining the period of
>   each script.  The value is one of "daily" (the default for backward
>   compatibility), "weekly", "monthly" and "NO".
>
>   Note that when the security periodic scripts are run directly from
>   crontab(5) (as opposed to being called by daily or weekly periodic
>   scripts), they will run unless the test is explicitly disabled with a
>   "NO", either in the "_enable" or the "_period" variable.
>
>   When the security output is not inlined, the mail subject has been
>   changed from "$host $arg run output" to "$host $arg $period run output".
>   For instance:
>     myfbsd security run output ->  myfbsd security daily run output
>   I don't think this is considered as a stable API, but feel free to
>   correct me if I'm wrong.
>
>   Finally, I will rearrange periodic.conf(5) and default/periodic.conf
>   to put the security options in their own section.  I left them in
>   place for this commit to make reviewing easier.

In summary, just add the following lines to periodic.conf(5) to avoid
running those I/O-expensive scripts daily.

    security_status_chksetuid_period="weekly"
    security_status_neggrpperm_period="weekly"

-- 
Jeremie Le Hen

Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
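The period rules described in the quoted log message, modelled as a small shell function so the effect of a given periodic.conf can be checked per run; this is an added example, not code from the FreeBSD tree. The names `should_run` and `audit_schedule`, the `direct` context label, the `demo_*` check names, the YES default for `_enable` and the choice to flag unrecognised period values are assumptions of the example.

```shell
#!/bin/sh
# Added illustration, not FreeBSD's code: models the rules in the log message.
# should_run, audit_schedule and the "direct" context label are hypothetical.

# should_run NAME CONTEXT
#   CONTEXT: daily|weekly|monthly (called from that periodic run) or
#            direct (security scripts started straight from crontab)
#   returns 0 = runs, 1 = skipped, 2 = unrecognised _period value
should_run() {
    eval "_enable=\${security_status_${1}_enable:-YES}"   # default assumed here
    eval "_period=\${security_status_${1}_period:-daily}" # stated default
    _enable=$(printf '%s' "$_enable" | tr '[:upper:]' '[:lower:]')
    _period=$(printf '%s' "$_period" | tr '[:upper:]' '[:lower:]')
    # An explicit NO in either variable disables the check in every context.
    if [ "$_enable" = no ] || [ "$_period" = no ]; then return 1; fi
    case "$_period" in
        daily|weekly|monthly) ;;
        *) return 2 ;;  # this sketch flags typos rather than skipping quietly
    esac
    # Started directly from crontab: anything not explicitly disabled runs.
    if [ "$2" = direct ]; then return 0; fi
    # Called from a periodic run: only checks set to that period run.
    [ "$_period" = "$2" ]
}

# audit_schedule CONTEXT NAME...: one line per check for the given run.
audit_schedule() {
    _ctx=$1; shift
    for _name in "$@"; do
        _rc=0
        should_run "$_name" "$_ctx" || _rc=$?
        case $_rc in
            0) echo "$_ctx $_name run" ;;
            1) echo "$_ctx $_name skip" ;;
            *) echo "$_ctx $_name INVALID-PERIOD" ;;
        esac
    done
}

# Constructed sample settings: the two lines from the message, plus
# made-up check names (demo_*) for the disabled, typo and default cases.
security_status_chksetuid_period="weekly"
security_status_neggrpperm_period="weekly"
security_status_demo_disabled_period="NO"
security_status_demo_typo_period="weekyl"

for ctx in daily weekly direct; do
    audit_schedule "$ctx" chksetuid neggrpperm demo_disabled demo_typo demo_default
done
```

With the two lines from the message in place, the daily run skips chksetuid and neggrpperm, the weekly run picks them up, and a direct crontab run still executes both.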