weekly periodic security status
Jeremie Le Hen
jlh at FreeBSD.org
Sat Aug 24 16:59:20 UTC 2013
On Sat, Aug 24, 2013 at 02:38:15PM +0100, RW wrote:
> On Thu, 22 Aug 2013 22:49:58 +0200
> Jeremie Le Hen wrote:
>
> > Hi,
> >
> > I plan to commit the attached patch. This allows the turn the daily
> > security checks into weekly checks. You do this by adding the
> > following to periodic.conf(5):
> >
> > daily_status_security_enable=NO
> > weekly_status_security_enable=YES
> >
> > All other $daily_status_security_whatever variables will be renamed to
> > $security_status_whatever. The old variable name is supported but
> > prints a warning.
> >
>
> All daily_status_security_enable does is control whether the security
> scripts are run from daily, but security is a periodic dirctory in its
> own right.
>
> You can simply set daily_status_security_enable=NO and put a
> separate security entry in crontab (or anacrontab). You can also
> symlink the lightweight security scripts in a separate directory and
> run those on all, or some, of the days you don't run the full security
> pass.
>
> In short the current support is more powerful and flexible than
> anything suggested in this thread so far.
Nothing of what you say is wrong, but culturally I think it is more
common to configure things with variable assignments in configuration
files a-la rc.conf(5), rather than creating directories and symlinks.
I don't say one or the other is better, it is just a matter of
tradition.
--
Jeremie Le Hen
Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
More information about the freebsd-hackers
mailing list