From owner-freebsd-hackers@FreeBSD.ORG Sat Aug 24 13:38:20 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 38DAE132 for ; Sat, 24 Aug 2013 13:38:20 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com [IPv6:2a00:1450:400c:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C34AB2EA4 for ; Sat, 24 Aug 2013 13:38:19 +0000 (UTC) Received: by mail-we0-f173.google.com with SMTP id x54so1454106wes.32 for ; Sat, 24 Aug 2013 06:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=rNJhx+EKD+YU83sLRw+ZmWUFCSuOOn4Oh287aSOXrIg=; b=hskvA9t+Yhpj+/IGIb2Wb4hvaeHBJIKLjtmzIWoABq6ab6fgCrFvRk9K5Yxm6bVHdz 8Bqov96oqWIZmULYEpOHaYElHOeZIm8gWRxI7ned/fET5v+ebnDcVf8X3DEk/SwukQE0 iEm0wwc8zL8rCgYUbFmzZ+vf7qhSwoB5UW59B2cRQsfnXqJmhTFYZ6C117JfY41+V72i 8YhhqRu0L5CVXrCz9aijAw1zgH/9mKa8l2/KKF0A6Ij92KHapLOBm+hds5qKItjsYw3H 087jGIO0NRF3e9wtRRAjMsMY3Y3IdQMoZBJq0S/1a4b73yd7pxFzp+9qsNeXYYfEYb0b 1xFw== X-Received: by 10.180.72.134 with SMTP id d6mr1548189wiv.8.1377351498166; Sat, 24 Aug 2013 06:38:18 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPSA id ee5sm4196750wib.3.1969.12.31.16.00.00 (version=SSLv3 cipher=RC4-SHA bits=128/128); Sat, 24 Aug 2013 06:38:17 -0700 (PDT) Date: Sat, 24 Aug 2013 14:38:15 +0100 From: RW To: freebsd-hackers@freebsd.org Subject: Re: weekly periodic security status Message-ID: <20130824143815.39ea88f3@gumby.homeunix.com> In-Reply-To: <20130822204958.GC24767@caravan.chchile.org> References: <20130822204958.GC24767@caravan.chchile.org> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.17; amd64-portbld-freebsd10.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Aug 2013 13:38:20 -0000 On Thu, 22 Aug 2013 22:49:58 +0200 Jeremie Le Hen wrote: > Hi, > > I plan to commit the attached patch. This allows the turn the daily > security checks into weekly checks. You do this by adding the > following to periodic.conf(5): > > daily_status_security_enable=NO > weekly_status_security_enable=YES > > All other $daily_status_security_whatever variables will be renamed to > $security_status_whatever. The old variable name is supported but > prints a warning. > All daily_status_security_enable does is control whether the security scripts are run from daily, but security is a periodic dirctory in its own right. You can simply set daily_status_security_enable=NO and put a separate security entry in crontab (or anacrontab). You can also symlink the lightweight security scripts in a separate directory and run those on all, or some, of the days you don't run the full security pass. In short the current support is more powerful and flexible than anything suggested in this thread so far.