From owner-freebsd-current Fri Dec 7 15:58:13 2001 Delivered-To: freebsd-current@freebsd.org Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122]) by hub.freebsd.org (Postfix) with ESMTP id 458C737B405 for ; Fri, 7 Dec 2001 15:58:09 -0800 (PST) Received: from dialup-209.245.131.254.dial1.sanjose1.level3.net ([209.245.131.254] helo=blossom.cjclark.org) by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 16CUsZ-0001vy-00 for freebsd-current@freebsd.org; Fri, 07 Dec 2001 15:58:08 -0800 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id fB7Nw5020251 for freebsd-current@freebsd.org; Fri, 7 Dec 2001 15:58:05 -0800 (PST) (envelope-from cjc) Date: Fri, 7 Dec 2001 15:58:05 -0800 From: "Crist J . Clark" To: freebsd-current@freebsd.org Subject: HEADS UP: periodic(8)-ifying daily security checks Message-ID: <20011207155805.R8975@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have just committed changes to how the daily security checks are done in -CURRENT. Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable. However, like any change, there may be some problems making the transition to the new system. If you are using the default /etc/security, the change will be transparent. Next time you update, mergemaster(8) will take care of everything for you. Note that /etc/security will no longer be used in any way, it can safely be removed. If you have local customizations to /etc/security, the best thing to do and the ultimate way to fix things "properly" is to break out the customizations into small scripts and drop the scripts into /usr/local/etc/periodic/security. Make sure the scripts are set executable and ls(1) in the order you wish them to execute. If your customizations are separate from the actions in the default /etc/security, this is all you need to do. If you have made customizations to actions in /etc/security, drop your customized script into /usr/local/etc/periodic/security, and then deactivate the default script with the same action by placing the appropriate, daily_status_security_