#
259065 |
|
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
254974 |
|
27-Aug-2013 |
jlh |
Make the period of each periodic security script configurable.
There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values.
All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE.
"security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO".
Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable.
When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong.
Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier.
Reviewed by: hackers@
|
#
180111 |
|
30-Jun-2008 |
mtm |
Rev. 1.8 broke matching on lines where the failure mode is at the head of the message, such as: Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1
PR: conf/124569 Submitted by: Taku <taku@tekipaki.jp>
|
#
166928 |
|
23-Feb-2007 |
remko |
Only match on log messages containing fail,invalid, bad or illegal. This prevents matching on systems that have a name that matches the query.
PR: conf/107560 Submitted by: Christian Laursen <cfsl at pil dot dk> MFC after: 3 days Approved by: imp (mentor)
|
#
166519 |
|
05-Feb-2007 |
jdp |
Use egrep instead of grep so that reporting of login failures (broken by revision 1.6) works again. This fix is already in RELENG_6, but was never committed to HEAD.
|
#
156312 |
|
05-Mar-2006 |
matteo |
Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs
PR: conf/70973 Submitted by: Ryan Sommers" <ryans@gamersimpact.com> Approved by: philip (mentor) MFC after: 3 days
|
#
108727 |
|
05-Jan-2003 |
se |
Add support for bzip2ed log files.
|
#
103903 |
|
24-Sep-2002 |
ache |
Make it work with POSIX sort (POS arg). All old sorts understand -k too.
|
#
92191 |
|
12-Mar-2002 |
rwatson |
No need to explicitly check for both cases when using grep -i.
|
#
92102 |
|
11-Mar-2002 |
rwatson |
Update login failure checking to check auth.log instead of messages, and teach it to look for more general classes of failures, including SSH login failures. This is similar but not identical to a patch submitted by aeonflux@synapse.subneural.net.
|
#
87514 |
|
07-Dec-2001 |
cjc |
Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable.
Reviewed by: ru Approved by: ru
|