#
296373 |
|
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
254974 |
|
27-Aug-2013 |
jlh |
Make the period of each periodic security script configurable.
There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values.
All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE.
"security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO".
Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable.
When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong.
Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier.
Reviewed by: hackers@
|
#
181531 |
|
10-Aug-2008 |
antoine |
Improve periodic/security/550.ipfwlimit a bit: - don't run it if net.inet.ip.fw.verbose = 0 as it is pointless - handle rules without logging limit correctly [1] (those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1] MFC after: 1 month
|
#
149989 |
|
11-Sep-2005 |
maxim |
A new version of rev. 1.4: postpone a temporary file creation until we realize if ipfw(4) ever used.
PR: bin/85970 Submitted by: Andre Albsmeier MFC after: 3 days
|
#
149659 |
|
31-Aug-2005 |
glebius |
Fix braino in last commit. Print nothing if ipfw(4) is not present.
|
#
149320 |
|
20-Aug-2005 |
glebius |
- Correctly parse output, when logging amount is limited in the rule itself, not in verbose_limit sysctl. [1] - Do check rules, even if verbose_limit is set 0. Rules may have their own log limits.
PR: conf/77929 Submitted by: Andriy Gapon [1] Reviewed by: matteo
|
#
142303 |
|
23-Feb-2005 |
ssouhlal |
Replace "ipfw l", which is now deprecated, with "ipfw list".
Approved by: grehan (mentor)
|
#
117088 |
|
30-Jun-2003 |
mtm |
Have mktemp(1) construct the temporary file name for us instead of providing a template manually.
Submitted by: Lars Eggert <larse@isi.edu>
|
#
107674 |
|
07-Dec-2002 |
keramida |
Avoid using perl in the periodic & security scripts. This brings the base system one step closer to being totally perl-free.
Approved by: re (jhb)
|
#
102398 |
|
25-Aug-2002 |
cjc |
Only create a temporary file if we are actually going to do something in the script. Eliminates a bug where we create a temp file, but don't delete it since the rm(1) is only done if the check is enabled.
PR: bin/40960 Submitted by: frf <frf@xocolatl.com> MFC after: 3 days
|
#
96805 |
|
17-May-2002 |
brian |
Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp}
Problem reported by: lumpy <lumpy@the.whole.net> MFC after: 3 days
|
#
87852 |
|
14-Dec-2001 |
ru |
Work around the bugfeature of test(1).
PR: bin/32822
|
#
87514 |
|
07-Dec-2001 |
cjc |
Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable.
Reviewed by: ru Approved by: ru
|