From owner-freebsd-stable  Mon Feb 25  2:54:41 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88])
	by hub.freebsd.org (Postfix) with ESMTP id 8B70237B41B
	for <stable@freebsd.org>; Mon, 25 Feb 2002 02:54:19 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020225105419.RZRZ1147.rwcrmhc52.attbi.com@blossom.cjclark.org>
          for <stable@freebsd.org>; Mon, 25 Feb 2002 10:54:19 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g1PAsJK51133
	for stable@freebsd.org; Mon, 25 Feb 2002 02:54:19 -0800 (PST)
	(envelope-from cjc)
Date: Mon, 25 Feb 2002 02:54:18 -0800
From: "Crist J. Clark" <cjc@freebsd.org>
To: stable@freebsd.org
Subject: HEADS UP: periodic(8)-ifying daily security check
Message-ID: <20020225025418.I83869@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

I have just committed changes to how the daily security checks are
done in -STABLE. Long ago, there was just /etc/daily. Then
/etc/security was split out of /etc/daily. Some time later, /etc/daily
became a set of periodic(8) scripts. Now, this evolution continues,
and /etc/security has been broken into periodic(8) scripts to make
local customization easier and more maintainable.

However, like any change, there may be some problems making the
transition to the new system. If you are using the default
/etc/security, the change will be transparent. Next time you update,
mergemaster(8) will take care of everything for you. Note that
/etc/security will no longer be used in any way, it can safely be
removed.

If you have local customizations to /etc/security, the best thing to
do and the ultimate way to fix things "properly" is to break out the
customizations into small scripts and drop the scripts into
/usr/local/etc/periodic/security. Make sure the scripts are set
executable and ls(1) in the order you wish them to execute. If your
customizations are separate from the actions in the default
/etc/security, this is all you need to do. If you have made
customizations to actions in /etc/security, drop your customized
script into /usr/local/etc/periodic/security, and then deactivate the
default script with the same action by placing the appropriate,

  daily_status_security_<script>_enable="NO"

In your /etc/periodic.conf. See periodic(8) for details on how the
system works.

For those who do not have the time to do this the really quick work
around is to not update /etc/periodic/daily/450.status-security via
mergemaster(8) or by hand.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message