Date: Sat, 24 Aug 2013 18:57:04 +0200 From: Jeremie Le Hen <jlh@FreeBSD.org> To: Royce Williams <royce@tycho.org> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>, Darren Pilgrim <list_freebsd@bluerosetech.com> Subject: Re: weekly periodic security status Message-ID: <20130824165704.GD24767@caravan.chchile.org> In-Reply-To: <CA%2BE3k910-BqOdDtA9sWTxVuKxtJSS02w4PSeTmM%2BJxPqNQ5Jyw@mail.gmail.com> References: <20130822204958.GC24767@caravan.chchile.org> <5217AD9E.1000100@bluerosetech.com> <CA%2BE3k910-BqOdDtA9sWTxVuKxtJSS02w4PSeTmM%2BJxPqNQ5Jyw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 23, 2013 at 08:35:55PM -0800, Royce Williams wrote: > On Fri, Aug 23, 2013 at 10:44 AM, Darren Pilgrim < > list_freebsd@bluerosetech.com> wrote: > > > Thank you for this, but if I may make one suggestion: don't combine all > > the security report settings--keep both daily_* and weekly_*. This makes > > possible running some security tasks on a daily basis and others on a > > weekly basis. For example, daily pkg/portaudit checks, but weekly > > filesystem scans. > > > > Agreed. I welcome and would use the weekly option at this level of > granularity, but would like to retain daily for many checks, and so would > not use weekly if was an all-or-nothing option. Sounds like a good idea. However I don't know how to implement this because, in the current state of the periodic security scripts, there is no way to know whether a script had been called from daily or weekly periodic scripts, so no way to know which variable to check. The easy way to work around this would be to declare an environment variable from 450.status-security, but it sounds like a hackish way because you create an additional dependency for the periodic security scripts. -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130824165704.GD24767>