From owner-freebsd-hackers@FreeBSD.ORG Sat Aug 24 16:57:12 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id E3152BA5 for ; Sat, 24 Aug 2013 16:57:12 +0000 (UTC) (envelope-from jlh@FreeBSD.org) Received: from caravan.chchile.org (caravan.chchile.org [178.32.125.136]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AA64E2879 for ; Sat, 24 Aug 2013 16:57:12 +0000 (UTC) Received: by caravan.chchile.org (Postfix, from userid 1000) id 9CFA2C1E06; Sat, 24 Aug 2013 16:57:04 +0000 (UTC) Date: Sat, 24 Aug 2013 18:57:04 +0200 From: Jeremie Le Hen To: Royce Williams Subject: Re: weekly periodic security status Message-ID: <20130824165704.GD24767@caravan.chchile.org> Mail-Followup-To: Royce Williams , Darren Pilgrim , FreeBSD Hackers References: <20130822204958.GC24767@caravan.chchile.org> <5217AD9E.1000100@bluerosetech.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: FreeBSD Hackers , Darren Pilgrim X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Aug 2013 16:57:13 -0000 On Fri, Aug 23, 2013 at 08:35:55PM -0800, Royce Williams wrote: > On Fri, Aug 23, 2013 at 10:44 AM, Darren Pilgrim < > list_freebsd@bluerosetech.com> wrote: > > > Thank you for this, but if I may make one suggestion: don't combine all > > the security report settings--keep both daily_* and weekly_*. This makes > > possible running some security tasks on a daily basis and others on a > > weekly basis. For example, daily pkg/portaudit checks, but weekly > > filesystem scans. > > > > Agreed. I welcome and would use the weekly option at this level of > granularity, but would like to retain daily for many checks, and so would > not use weekly if was an all-or-nothing option. Sounds like a good idea. However I don't know how to implement this because, in the current state of the periodic security scripts, there is no way to know whether a script had been called from daily or weekly periodic scripts, so no way to know which variable to check. The easy way to work around this would be to declare an environment variable from 450.status-security, but it sounds like a hackish way because you create an additional dependency for the periodic security scripts. -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.