Date: Sat, 17 Jan 2009 22:25:45 -0800 From: Cy Schubert <Cy.Schubert@komquats.com> To: "Krzysztof Burghardt" <krzysztof@burghardt.pl> Cc: ports@FreeBSD.org Subject: Re: Periodic script for FreeBSD port of aide Message-ID: <200901180625.n0I6Pj5c031132@cwsys.cwsent.com> In-Reply-To: Message from "Krzysztof Burghardt" <krzysztof@burghardt.pl> of "Sat, 17 Jan 2009 20:36:05 %2B0100." <80bd11420901171136q67733119y80288381182458fe@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <80bd11420901171136q67733119y80288381182458fe@mail.gmail.com>,
"Krzy
sztof Burghardt" writes:
>
> Hello aide port maintainer,
>
> I wrote a periodic script for aide port (attached). It run aide
> --check. ${daily_status_security_aide_enable} defaults to NO, so it
> need to be enabled in /etc/periodic.conf with:
>
> daily_status_security_aide_enable="YES"
>
> I thought you might be interested in including it.
I have a few thoughts on this issue.
The intention is to run it daily. What if the user wants to run it weekly
or monthly or a combination thereof?
One option might be that you maintain it on a web site or FTP site
somewhere and the port fetches the script and installs it. I'm not
convinced that this is a good idea but I'm throwing it out there anyway.
Could we genericice the script for use with aide, tripwire, and integrit?
The periodic scripts run at 03:01, 04:15. and 05;30. I've usually run
tripwire and aide as close to coming into work in the morning as possible
so that the window of opportunity of something being altered and my finding
out about it is as small as possible. Is the periodic infrastructure the
best place to run the script from or should it be run using a separate cron
job?
--
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org
e**(i*pi)+1=0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901180625.n0I6Pj5c031132>