Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Nov 2001 13:44:14 -0800
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        audit@freebsd.org, security@freebsd.org
Subject:   periodic(8)-ifying Daily Security Check
Message-ID:  <20011117134414.A66323@blossom.cjclark.org>

next in thread | raw e-mail | index | archive | help
I've gone through the /etc/security script and converted it into a
bunch of smaller scripts to be run by periodic(8). I think this is one
of those things someone has always meant to do, but never gotten
around to. The approach was pretty straight forward. The actions
actually taken by /etc/security have not been changed or upgraded,
just broken into pieces. Continuing to improve the daily security
checks can take place once the new format is in place.

Attached is a modified shell archive. Save it to a file and,

  # sh <file>

To install the new periodic(8)-ified daily security checks. It will
patch /etc/defaults/periodic.conf and
/etc/periodic/daily/450.status-security. It will then add the new
scripts in /etc/periodic/security. Note that the patch process will
leave a 450.status-security.orig in the daily scripts, and _both_
450.status-security and 450.status-security.orig will be executed by
periodic(8). For now, I consider this a debugging feature. Please make
sure that the output of the two is the same. If you wish to disable
the .orig file, change its permissions so it is not executable. Also
note that /etc/security (and any customizations you may have there) is
not touched at all.

I would really appreciate if a few people would take the time to
install these and let them run a few days to make sure they actually
work on systems besides mine.

The patches and scripts are meant for -CURRENT, but extrapolation to
-STABLE is straightforward. If anyone wants -STABLE patches and
scripts to test, just say the word.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011117134414.A66323>