Commit Graph

23 Commits

Author SHA1 Message Date
Alan Somers
e2a212c1fb Quiet 450.status-security when *_inline="YES"
Previously, 450.status-security would always set rc=3 in inline mode,
because it doesn't know whether "periodic security" is going to find
anything interesting. But this annoyingly results in daily reports that
simply say "Security check: \n\n-- End of daily output --".

This change fixes that by testing whether "periodic security" printed
anything, and setting 450.status-security's exit status to 3 if it did. An
alternative would be to change the exit status of periodic(8) to be the
worst of its scripts' exit statuses, but that would be a more intrusive
change.

Reviewed by:	brian
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10267
2017-04-06 01:37:03 +00:00
Alan Somers
cb23468e75 Allow 999.local to run scripts in any language
If one of the scripts listed in (daily|weekly|monthly)_local is executable,
999.local should simply execute it. Only if the script isn't executable
should 999.local assume it needs /bin/sh.

Reviewed by:	brian
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-02-01 23:22:54 +00:00
Glen Barber
a5a71822df Fix accounting package rc.d/accounting conflict.
Add periodic(8) accounting scripts to acct package.

Sponsored by:	The FreeBSD Foundation
2016-01-28 18:44:31 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Jung-uk Kim
b81c4e6563 Fix a typo introduced in r254975. 2013-08-27 22:37:29 +00:00
Jeremie Le Hen
622ceeb3fb Install 450.status-security. 2013-08-27 21:28:12 +00:00
Jeremie Le Hen
69b55c23cb Make the period of each periodic security script configurable.
There are now six additional variables
  weekly_status_security_enable
  weekly_status_security_inline
  weekly_status_security_output
  monthly_status_security_enable
  monthly_status_security_inline
  monthly_status_security_output
alongside their existing daily counterparts.  They all have the same
default values.

All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.

"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows to define the period of
each script.  The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".

Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitely disabled with a
"NO", either for in the "_enable" or the "_period" variable.

When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
  myfbsd security run output ->  myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.

Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section.  I left them in
place for this commit to make reviewing easier.

Reviewed by:	hackers@
2013-08-27 21:20:28 +00:00
Ed Schouten
9f0c9022c2 Add WITHOUT_UTMPX switch to the build system.
This knob removes the tools that are exclusively used to view and
maintain the databases maintained by utmpx, namely last, users, who,
wtmpcvt, ac, lastlogin and utxrm.

The tool w is not in this list, because it has some other functionality
which is unrelated to utmpx; it is hardlinked to the uptime tool.
2011-06-17 21:30:21 +00:00
Ed Schouten
f1c344b293 Don't omit ac(8) as part of WITHOUT_ACCT.
The WITHOUT_ACCT switch is supposed to omit tools related to process
accounting, namely accton and sa. ac(8) is just a simple tool that
prints statistics based on data in the utx.log database. It has nothing
to do with the former.
2011-06-17 20:47:44 +00:00
Ed Schouten
1e40039260 Let rc and periodic infrastructure and newsyslog use the utmpx files. 2010-01-13 19:07:48 +00:00
Sam Leffler
690f477d75 add new build knobs and jigger some existing controls to improve
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd

Reviewed by:	various (posted to arch)
MFC after:	1 month
2008-09-21 22:02:26 +00:00
Andrey A. Chernov
15897030c6 Make it work with POSIX sort (POS arg).
All old sorts understand -k too.
2002-09-24 18:53:46 +00:00
Ruslan Ermilov
bff0acee63 Install scripts via FILES (purposedly not via SCRIPTS that would
strip the suffixes).
2002-07-18 12:33:01 +00:00
Brian Somers
9e280368ad Temporarily change our umask to 066 so that the potential creation
of wtmp.0 is done as mode 600.

This ensures that tight permissions set in /etc/newsyslog.conf for
wtmp logging aren't ``betrayed''.

Suggested by:	lumpy <lumpy@the.whole.net>
MFC after:	3 days
2002-05-17 14:05:08 +00:00
Brian Somers
ee9336d9b7 Handle .bz2 files created by newsyslog
PR:			37529
Partially submitted by:	Peter Hollaubek <fifteen@inext.hu>
MFC after:		1 week
2002-04-30 17:07:32 +00:00
Brian Somers
6eb9bd2d1f Handle wtmp.0 being compressed
PR:		32113
Submitted by:	Yar Tikhiy <yar@comp.chem.msu.su>
MFC after:	1 week
2001-11-20 15:01:24 +00:00
Doug Barton
ebb4c1b9a4 Small adjustment to whitespace in output 2001-06-01 16:40:57 +00:00
Brian Somers
9ed55d1192 Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8).  Output may be masked based on variable values in
periodic.conf.

It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.

The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).

PR:	21250
2000-09-14 17:19:15 +00:00
Brian Somers
f3e285ba7d Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf.
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.

Not objected to by: freebsd-arch
2000-06-23 01:18:31 +00:00
Peter Wemm
9b7a44a60e $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
Garrett Wollman
19f1101052 Now that newsyslog is capable of doing this at a specific time,
let it rotate /var/log/wtmp again, and update monthly/200.accounting to
take this into account.  (Some sites might want to change the parameters
of the rotation; it's easier to do this when it's all centralized in
newsyslog.conf.)
1999-01-28 20:03:31 +00:00
Daniel O'Callaghan
8e525b0803 PR: 1708, 5448
Reviewed by:	Alex Nash, Steve Price
Enhance wtmp monthly handling
1998-02-09 11:36:43 +00:00
Paul Traina
12c88fdf8b Copy /etc/cron.d to /etc/periodic per-request of many.
This wasn't done with a repository copy because there was no
history of any consequence.  Flames to me.
1997-08-16 17:04:02 +00:00