1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-04 12:52:15 +00:00
Mirror of the FreeBSD src repository https://git.FreeBSD.org/src.git .
Go to file
Jeremie Le Hen 69b55c23cb Make the period of each periodic security script configurable.
There are now six additional variables
  weekly_status_security_enable
  weekly_status_security_inline
  weekly_status_security_output
  monthly_status_security_enable
  monthly_status_security_inline
  monthly_status_security_output
alongside their existing daily counterparts.  They all have the same
default values.

All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.

"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows to define the period of
each script.  The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".

Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitely disabled with a
"NO", either for in the "_enable" or the "_period" variable.

When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
  myfbsd security run output ->  myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.

Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section.  I left them in
place for this commit to make reviewing easier.

Reviewed by:	hackers@
2013-08-27 21:20:28 +00:00
bin Add the ability to display the default FIB number for a process to the 2013-08-26 23:48:21 +00:00
cddl Build all ZFS testing & debugging tools with -g. 2013-08-27 04:01:31 +00:00
contrib Make the PAM password strength checking module WARNS=2 safe. 2013-08-27 15:50:26 +00:00
crypto Apply upstream revision 1.151 (fix relative symlinks) 2013-08-13 09:06:18 +00:00
etc Make the period of each periodic security script configurable. 2013-08-27 21:20:28 +00:00
games Remove a reference to instant-server which has been removed from the 2013-03-21 12:42:25 +00:00
gnu Teach libstdc++ about logl(3). 2013-08-13 20:28:21 +00:00
include Implement fdclosedir(3) function, which is equivalent to the closedir(3) 2013-08-18 20:11:34 +00:00
kerberos5 Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so 2013-05-02 12:52:49 +00:00
lib * s_erf.c: 2013-08-27 19:46:56 +00:00
libexec Revert r253748,253749 2013-07-28 18:44:17 +00:00
release Fix 'make release' on older hosts: use buildworld legacy utilities. 2013-08-27 04:42:42 +00:00
rescue - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00
sbin Add missing newlines to Fibre Channel attributes output. 2013-08-27 06:50:46 +00:00
secure Remove references to MK_IDEA. 2013-04-27 05:44:39 +00:00
share Make the period of each periodic security script configurable. 2013-08-27 21:20:28 +00:00
sys Pad m_hdr on 32bit architectures to to prevent alignment and padding 2013-08-27 20:52:02 +00:00
tools Formally remove WITH_BSDCONFIG build option and re-generate src.conf.5 2013-08-27 16:30:50 +00:00
usr.bin fix up my copyright and remove third clause.. 2013-08-26 18:51:48 +00:00
usr.sbin Allow single byte reads of the emulated MSI-X tables. This is not required 2013-08-27 16:50:48 +00:00
COPYRIGHT Happy New Year 2013! 2012-12-31 11:22:55 +00:00
LOCKS Test commit to make sure commit mail works after moving the server. 2012-12-29 16:03:23 +00:00
MAINTAINERS Add myself as maintainer for nvme(4), nvd(4) and nvmecontrol(8). 2013-07-31 18:18:02 +00:00
Makefile Don't let user specified DESTDIR, break building our chosen make. 2013-08-17 04:41:35 +00:00
Makefile.inc1 Update nvi-1.79 to 2.1.1-4334a8297f 2013-08-11 20:03:12 +00:00
ObsoleteFiles.inc Add more obsolete files. 2013-08-26 17:21:40 +00:00
README Import nvi-2.1.1-4334a8297f into the work area. This is the gsoc-2011 2013-08-11 09:44:58 +00:00
UPDATING Add note/reminder about dialog(1) regression in HEAD/10.0-C so that we don't 2013-08-27 16:10:44 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The ``world''
target should only be used in cases where the source tree has not
changed from the currently running version.  See:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
for more information, including setting make(1) variables.

The ``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html