Apparently using tty for this purpose has been deprecated since 4.4 Lite.
Reviewed by: cy
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D21318
Revision 316342, which introduced the anticongestion feature, failed to
consider that the periodic scripts are executed by a recursive invocation of
periodic. The recursive invocation wrongly cleaned up a temporary file that
should've been cleaned up only by the original invocation. The result is
that if the first script that requests an anticongestion sleep runs after
the security scripts, the sleep won't happen.
Fix this bug by delaying cleanup until the end of the original invocation.
PR: 236564
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
Reviewed by: imp
MFC after: 1 month
When called with an absolute pathname, periodic should attempt to execute
every script in that directory. If the directory does not exist, it should
print an error and exit 1. Due to a copy/paste mistake in r231568, it exits
0 in that case.
Reported by: devel/hs-ShellCheck
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D13070
Multiple periodic scripts sleep for a random amount of time in order to
mitigate the thundering herd problem. This is bad, because the sum of
multiple uniformly distributed random variables approaches a normal
distribution, so the problem isn't mitigated as effectively as it would be
with a single sleep.
This change creates a single configurable anticongestion sleep. periodic
will only sleep if at least one script requires it, and it will never sleep
more than once per invocation. It also won't sleep if periodic was run
interactively, fixing an unrelated longstanding bug.
PR: 217055
PR: 210188
Reviewed by: cy
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D10211
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.
etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}
usr.sbin/periodic/periodic.sh
Update usage string
usr.sbin/periodic/periodic.8
Minor man page updates
One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.
Reviewed by: brd
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6477
More concretely, periodic security scripts defaults to being
called from daily ones -- daily context -- so the mail subject
will now be "${HOST} daily security run output" instead of
"{HOST} security run output".
If you switch the period of some security checks to weekly, you
will receive another email "${HOST} weekly security run output".
starting up before the previous script finishes. This prevents an
infinite number of them from piling up and slowing a system down.
Since all the refactoring to make this happen required churning the
indenting of most of this file, make the indentation more consistent.
Reviewed by: simon
MFC after: 1 week
The man page part of the patch is my fault, the changes to the
periodic script is Dominik's.
PR: 88486
Submitted by: Dominik Brettnacher <domi@saargate.de>
Reviewed by: brian
Approved by: re
MFC after: 1 month
it again and again, practically begging the Bad Man to insert his symlink
underneath it and send us down the path to oblivion.
Noticed by: David Lary <dlary@secureworks.net>
so that we don't see any more ``null message body, hope that's
ok'' messages.
We now see something like ``No output from the 3 files processed''.
Lump all output for a given periodic argument together so that
people with /usr/local/etc/periodic/daily (for example) will
get the output of those jobs together with the normal daily run
rather than getting a second email.
Prompted by: ben
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8). Output may be masked based on variable values in
periodic.conf.
It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.
The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).
PR: 21250
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.
Not objected to by: freebsd-arch
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.
PR: bin/9091
Submitted By: Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list