From owner-freebsd-hackers@FreeBSD.ORG  Mon Aug 26 06:32:11 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id DA864E45
 for <freebsd-hackers@freebsd.org>; Mon, 26 Aug 2013 06:32:11 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id AA30A2B98
 for <freebsd-hackers@freebsd.org>; Mon, 26 Aug 2013 06:32:11 +0000 (UTC)
Received: from jre-mbp.elischer.org
 (ppp121-45-245-177.lns20.per2.internode.on.net [121.45.245.177])
 (authenticated bits=0)
 by vps1.elischer.org (8.14.6/8.14.6) with ESMTP id r7Q6Vuxn011424
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Sun, 25 Aug 2013 23:31:59 -0700 (PDT)
 (envelope-from julian@freebsd.org)
Message-ID: <521AF656.1040200@freebsd.org>
Date: Mon, 26 Aug 2013 14:31:50 +0800
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
 rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Royce Williams <royce@tycho.org>,
 Darren Pilgrim <list_freebsd@bluerosetech.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: weekly periodic security status
References: <20130822204958.GC24767@caravan.chchile.org>
 <5217AD9E.1000100@bluerosetech.com>
 <CA+E3k910-BqOdDtA9sWTxVuKxtJSS02w4PSeTmM+JxPqNQ5Jyw@mail.gmail.com>
 <20130824165704.GD24767@caravan.chchile.org>
 <20130825110520.GJ24767@caravan.chchile.org>
In-Reply-To: <20130825110520.GJ24767@caravan.chchile.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2013 06:32:11 -0000

On 8/25/13 7:05 PM, Jeremie Le Hen wrote:
>
> And the following variables to control whether you want each check to
> run "daily", "weekly" or directly from "crontab" (the default, backward
> compatible values are shown):
>      security_status_chksetuid_enable="daily"
>      security_status_neggrpperm_enable="daily"
>      security_status_chkmounts_enable="daily"
>      security_status_chkuid0_enable="daily"
>      security_status_passwdless_enable="daily"
>      security_status_logincheck_enable="daily"
>      security_status_chkportsum_enable="NO"
>      security_status_ipfwdenied_enable="daily"
>      security_status_ipfdenied_enable="daily"
>      security_status_pfdenied_enable="daily"
>      security_status_ipfwlimit_enable="daily"
>      security_status_ipf6denied_enable="daily"
>      security_status_kernelmsg_enable="daily"
>      security_status_loginfail_enable="daily"
>      security_status_tcpwrap_enable="daily"

excellent..