From owner-freebsd-ports@FreeBSD.ORG Sun Jan 18 06:54:10 2009 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74D481065672 for ; Sun, 18 Jan 2009 06:54:10 +0000 (UTC) (envelope-from Cy.Schubert@komquats.com) Received: from idcmail-mo2no.shaw.ca (idcmail-mo2no.shaw.ca [64.59.134.9]) by mx1.freebsd.org (Postfix) with ESMTP id 44B9F8FC0C for ; Sun, 18 Jan 2009 06:54:09 +0000 (UTC) (envelope-from Cy.Schubert@komquats.com) Received: from pd6ml2no-ssvc.prod.shaw.ca ([10.0.153.163]) by pd7mo1no-svcs.prod.shaw.ca with ESMTP; 17 Jan 2009 23:25:47 -0700 X-Cloudmark-SP-Filtered: true X-Cloudmark-SP-Result: v=1.0 c=0 a=6I5d2MoRAAAA:8 a=1hHXXXv--P7fIwEvqOQA:9 a=8AttxIU3lHS2hy7s3BgA:7 a=S2HeMromSKYT0kHRvcifMAzlKHIA:4 a=V7tsTZBp22UA:10 a=SV7veod9ZcQA:10 a=9GB-lkK7yWsA:10 a=Tjf7spJe51kA:10 a=wAGQQ9Az6v0A:10 Received: from s01060002b31a8191.gv.shawcable.net (HELO spqr.komquats.com) ([24.68.166.226]) by pd6ml2no-dmz.prod.shaw.ca with ESMTP; 17 Jan 2009 23:25:47 -0700 Received: from cwsys.cwsent.com (cwsys [10.1.1.1]) by spqr.komquats.com (Postfix) with ESMTP id 09724410F3; Sat, 17 Jan 2009 22:25:47 -0800 (PST) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.14.3/8.14.3) with ESMTP id n0I6Pj5c031132; Sat, 17 Jan 2009 22:25:46 -0800 (PST) (envelope-from Cy.Schubert@komquats.com) Message-Id: <200901180625.n0I6Pj5c031132@cwsys.cwsent.com> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.2 From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.komquats.com/ To: "Krzysztof Burghardt" In-Reply-To: Message from "Krzysztof Burghardt" of "Sat, 17 Jan 2009 20:36:05 +0100." <80bd11420901171136q67733119y80288381182458fe@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 17 Jan 2009 22:25:45 -0800 Sender: Cy.Schubert@komquats.com Cc: ports@FreeBSD.org Subject: Re: Periodic script for FreeBSD port of aide X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Cy Schubert List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jan 2009 06:54:10 -0000 In message <80bd11420901171136q67733119y80288381182458fe@mail.gmail.com>, "Krzy sztof Burghardt" writes: > > Hello aide port maintainer, > > I wrote a periodic script for aide port (attached). It run aide > --check. ${daily_status_security_aide_enable} defaults to NO, so it > need to be enabled in /etc/periodic.conf with: > > daily_status_security_aide_enable="YES" > > I thought you might be interested in including it. I have a few thoughts on this issue. The intention is to run it daily. What if the user wants to run it weekly or monthly or a combination thereof? One option might be that you maintain it on a web site or FTP site somewhere and the port fetches the script and installs it. I'm not convinced that this is a good idea but I'm throwing it out there anyway. Could we genericice the script for use with aide, tripwire, and integrit? The periodic scripts run at 03:01, 04:15. and 05;30. I've usually run tripwire and aide as close to coming into work in the morning as possible so that the window of opportunity of something being altered and my finding out about it is as small as possible. Is the periodic infrastructure the best place to run the script from or should it be run using a separate cron job? -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org e**(i*pi)+1=0