From owner-freebsd-hackers@FreeBSD.ORG  Sat Aug 24 16:57:12 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id E3152BA5
 for <freebsd-hackers@freebsd.org>; Sat, 24 Aug 2013 16:57:12 +0000 (UTC)
 (envelope-from jlh@FreeBSD.org)
Received: from caravan.chchile.org (caravan.chchile.org [178.32.125.136])
 (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id AA64E2879
 for <freebsd-hackers@freebsd.org>; Sat, 24 Aug 2013 16:57:12 +0000 (UTC)
Received: by caravan.chchile.org (Postfix, from userid 1000)
 id 9CFA2C1E06; Sat, 24 Aug 2013 16:57:04 +0000 (UTC)
Date: Sat, 24 Aug 2013 18:57:04 +0200
From: Jeremie Le Hen <jlh@FreeBSD.org>
To: Royce Williams <royce@tycho.org>
Subject: Re: weekly periodic security status
Message-ID: <20130824165704.GD24767@caravan.chchile.org>
Mail-Followup-To: Royce Williams <royce@tycho.org>,
 Darren Pilgrim <list_freebsd@bluerosetech.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>
References: <20130822204958.GC24767@caravan.chchile.org>
 <5217AD9E.1000100@bluerosetech.com>
 <CA+E3k910-BqOdDtA9sWTxVuKxtJSS02w4PSeTmM+JxPqNQ5Jyw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+E3k910-BqOdDtA9sWTxVuKxtJSS02w4PSeTmM+JxPqNQ5Jyw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Darren Pilgrim <list_freebsd@bluerosetech.com>
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Aug 2013 16:57:13 -0000

On Fri, Aug 23, 2013 at 08:35:55PM -0800, Royce Williams wrote:
> On Fri, Aug 23, 2013 at 10:44 AM, Darren Pilgrim <
> list_freebsd@bluerosetech.com> wrote:
> 
> > Thank you for this, but if I may make one suggestion: don't combine all
> > the security report settings--keep both daily_* and weekly_*.  This makes
> > possible running some security tasks on a daily basis and others on a
> > weekly basis.  For example, daily pkg/portaudit checks, but weekly
> > filesystem scans.
> >
> 
> Agreed.  I welcome and would use the weekly option at this level of
> granularity, but would like to retain daily for many checks, and so would
> not use weekly if was an all-or-nothing option.

Sounds like a good idea.  However I don't know how to implement this
because, in the current state of the periodic security scripts, there is
no way to know whether a script had been called from daily or weekly
periodic scripts, so no way to know which variable to check.

The easy way to work around this would be to declare an environment
variable from 450.status-security, but it sounds like a hackish way
because you create an additional dependency for the periodic security
scripts.

-- 
Jeremie Le Hen

Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.