From owner-freebsd-hackers@FreeBSD.ORG Sat Aug 24 16:59:20 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id C5449EB1 for ; Sat, 24 Aug 2013 16:59:20 +0000 (UTC) (envelope-from jlh@FreeBSD.org) Received: from caravan.chchile.org (caravan.chchile.org [178.32.125.136]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8EA382894 for ; Sat, 24 Aug 2013 16:59:20 +0000 (UTC) Received: by caravan.chchile.org (Postfix, from userid 1000) id EE782C1E27; Sat, 24 Aug 2013 16:59:18 +0000 (UTC) Date: Sat, 24 Aug 2013 18:59:18 +0200 From: Jeremie Le Hen To: RW Subject: Re: weekly periodic security status Message-ID: <20130824165918.GE24767@caravan.chchile.org> Mail-Followup-To: RW , freebsd-hackers@freebsd.org References: <20130822204958.GC24767@caravan.chchile.org> <20130824143815.39ea88f3@gumby.homeunix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130824143815.39ea88f3@gumby.homeunix.com> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Aug 2013 16:59:20 -0000 On Sat, Aug 24, 2013 at 02:38:15PM +0100, RW wrote: > On Thu, 22 Aug 2013 22:49:58 +0200 > Jeremie Le Hen wrote: > > > Hi, > > > > I plan to commit the attached patch. This allows the turn the daily > > security checks into weekly checks. You do this by adding the > > following to periodic.conf(5): > > > > daily_status_security_enable=NO > > weekly_status_security_enable=YES > > > > All other $daily_status_security_whatever variables will be renamed to > > $security_status_whatever. The old variable name is supported but > > prints a warning. > > > > All daily_status_security_enable does is control whether the security > scripts are run from daily, but security is a periodic dirctory in its > own right. > > You can simply set daily_status_security_enable=NO and put a > separate security entry in crontab (or anacrontab). You can also > symlink the lightweight security scripts in a separate directory and > run those on all, or some, of the days you don't run the full security > pass. > > In short the current support is more powerful and flexible than > anything suggested in this thread so far. Nothing of what you say is wrong, but culturally I think it is more common to configure things with variable assignments in configuration files a-la rc.conf(5), rather than creating directories and symlinks. I don't say one or the other is better, it is just a matter of tradition. -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.