#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
261143 |
|
24-Jan-2014 |
bapt |
MFH: r261027
Remove pkg_* related info from periodic.conf
Reported by Robin Brocks <robin.brocks@brocks.de>
|
#
258121 |
|
14-Nov-2013 |
glebius |
Merge r257694 from head:
Remove remnants of BIND from /etc, since there is no BIND in base now.
Sorry, that would break users running head and BIND from ports, since ports rely on these scripts. The ports will be fixed soon.
Approved by: re (kib)
|
#
257508 |
|
01-Nov-2013 |
jlh |
MFC r257361: Fix compatibility function for old daily_status_security_${name}_enable variables.
PR: conf/183137
MFC r257364: Fix indentation.
Approved by: re (gjb)
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
255169 |
|
03-Sep-2013 |
jlh |
Since r254974, periodic scripts' period can be configured independently. There is no reason to leave their options with the daily ones, so move them to their own section. Move periodic scripts' options into their own section. Since r254974,
|
#
254974 |
|
27-Aug-2013 |
jlh |
Make the period of each periodic security script configurable.
There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values.
All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE.
"security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO".
Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable.
When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong.
Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier.
Reviewed by: hackers@
|
#
254827 |
|
25-Aug-2013 |
jlh |
Move daily_status_security_noamd next to 200.chkmounts's variables.
|
#
249095 |
|
04-Apr-2013 |
mav |
Remove periodic script for ataraid(4) and add instead script for graid(8).
|
#
241788 |
|
20-Oct-2012 |
ume |
Set default for ${pkg_info} like ${pkg_version}.
MFC after: 1 week
|
#
241787 |
|
20-Oct-2012 |
ume |
Use correct INDEX on 10-CURRENT.
|
#
238416 |
|
13-Jul-2012 |
kevlo |
Whitespace nit
|
#
236284 |
|
30-May-2012 |
eadler |
Don't attempt to delete .sujournal in /tmp
PR: conf/163828 Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com> Approved by: cperciva MFC after: 1 week
|
#
231171 |
|
07-Feb-2012 |
gjb |
Add an option to 404.status-zfs (enabled by default) to list all zfs pools on the system.
While here, document daily_status_zfs_enable in periodic.conf(5).
Discussed on: -fs [1] Reviewed by: netchild [1] Approved by: jhb MFC after: 1 week
[1] - http://lists.freebsd.org/pipermail/freebsd-fs/2011-June/011869.html
|
#
226865 |
|
27-Oct-2011 |
delphij |
Increase default scrub threshold from 30 days to 5 weeks. Using whole weeks makes it easier to predicate when the scrub would happen.
MFC after: 1 week
|
#
226471 |
|
17-Oct-2011 |
se |
Add missing default values for daily/800.scrub-zfs for documentation purposes. No functional change, since all parameters are set to their default values. MFC after: 1 week
|
#
220020 |
|
26-Mar-2011 |
dougb |
Add a daily period script to back up /var/db/pkg
The final product contains work from the originator, and Florent Thoumie <florent.thoumie@gmail.com>. The final product contains considerable re-working by me, so all responsibility for bugs rests under my pointy hat.
PR: ports/145957 Submitted by: Eitan Adler <EitanAdlerList@gmail.com>
|
#
219018 |
|
24-Feb-2011 |
brooks |
Enable the check for negative permissions (the group on a file can't do something "everyone" can) by default.
X-MFC after: never
|
#
215213 |
|
12-Nov-2010 |
brooks |
Add an (off by default) check for negative permissions (where the group on a object has less permissions that everyone). These permissions will not work reliably over NFS if you have more than 14 supplemental groups and are usually not what you mean.
MFC after: 1 week
|
#
210863 |
|
05-Aug-2010 |
olli |
Add a daily script to the periodic framework that reports changes to the package database, i.e. any packages that have been added, updated or deleted in the past 24 hours. The format is intentionally simple and concise.
That information is particularly useful on servers that are maintained by multiple administrators. When someone adds, updates or deletes a package, the others will see it in the daily periodic output.
This script is disabled by default.
PR: conf/113913 Submitted by: olli Approved by: des (mentor) MFC after: 3 weeks
|
#
210254 |
|
19-Jul-2010 |
gabor |
- Add a periodic script, which can be used to find installed ports' files with mismatched checksum
PR: conf/124641 Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> Approved by: delphij (mentor)
|
#
205509 |
|
23-Mar-2010 |
joerg |
Add .snap to daily_clean_tmps_ignore; /tmp/.snap ist not supposed to be auto-removed (and /tmp is a filesystem of its own now by default).
MFC after: 3 days
|
#
196442 |
|
23-Aug-2009 |
kensmith |
Update name of INDEX file as part of 8.0 -> 9.0 transition.
|
#
175153 |
|
08-Jan-2008 |
dds |
A new configuration variable, daily_status_mail_rejects_shorten, allows the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form.
MFC after: 1 week
|
#
174817 |
|
20-Dec-2007 |
dougb |
Update pkg_version_index to INDEX-8
|
#
174028 |
|
28-Nov-2007 |
jhb |
Don't delete files in the X11 socket directories under /tmp (.X11-unix, .ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the daily 100.clean-tmps job. If you are logged into an X session longer than the timeout period (default of 3 days), then this job can delete the X11 sockets out from under the session without this fix.
MFC after: 3 days
|
#
170085 |
|
29-May-2007 |
dougb |
Now that a separate /usr/X11R6 directory is no longer in fashion, stop looking there for things like rc.d and periodic. This avoids duplicating effort when /usr/X11R6 is a symlink to /usr/local, which it is by default now.
It is not anticipated at this time that we will MFC this change, since we'd like to avoid breaking legacy systems. However, there is a fix for /etc/rc.subr in the works to avoid running any rc.d scripts twice which we should be able to MFC.
|
#
169517 |
|
13-May-2007 |
maxim |
o Add a script to check ntpd(8) state. Default is off.
PR: conf/112604 Submitted by: Oliver Fromme MFC after: 1 month
|
#
168412 |
|
06-Apr-2007 |
pjd |
Add ZFS periodic scripts that monitors status of ZFS pools.
Submitted by: des
|
#
161708 |
|
29-Aug-2006 |
ru |
The kvm_mkdb(8) is long dead.
|
#
161664 |
|
27-Aug-2006 |
dougb |
Use ports INDEX-7 instead of INDEX-6
Submitted by: Niclas Zeising <lothrandil@n00b.apagnu.se>
|
#
161602 |
|
25-Aug-2006 |
trhodes |
Add login.conf checking to periodic security scripts. If the login.conf file is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.
Head nod: ru, rwatson
|
#
158497 |
|
12-May-2006 |
mlaier |
Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts. Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw scripts as well.
|
#
156216 |
|
02-Mar-2006 |
brueffer |
Add the graid3(8), gstripe(8) and gconcat(8) status scripts, default is "off".
Approved by: rwatson (mentor)
|
#
155060 |
|
30-Jan-2006 |
matteo |
Make df output more consistent: Remove -k now that -h is present use -l instead of -t nonfs to match smbfs too [1] PR: conf/50956 [1] Approved by: philip (mentor) MFC after: 3 days
|
#
155046 |
|
30-Jan-2006 |
matteo |
Make df output in periodic mail human readable
PR: conf/87196 Submitted by: Mike <mspam@ideaway.net> Approved by: philip (mentor) MFC after: 3 days
|
#
154304 |
|
13-Jan-2006 |
wollman |
Add a daily script to show the status of gmirror(8) devices.
|
#
140771 |
|
24-Jan-2005 |
keramida |
Add a reference to the periodic.conf(5) manual page.
Suggested by: simon
|
#
139677 |
|
04-Jan-2005 |
paul |
Ports index file is now INDEX-6
|
#
138061 |
|
24-Nov-2004 |
mlaier |
Teach periodic(8) security output to display information about blocked packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets: > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0 Bytes: 0 States: 0 ] > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578 States: 0 ]
Submitted by: clive (thanks a lot!) MFC after: 2 weeks
|
#
135591 |
|
23-Sep-2004 |
jkoshy |
Add a knob 'daily_status_security_diff_flags' controlling the format of the 'diff' output generated during periodic(8) scripts.
Submitted by: keramida (script changes) Reviewed by: keramida (man page changes)
|
#
129424 |
|
19-May-2004 |
joe |
Allow the location of the INDEX file to specified to pkg_version. This is particularly convenient on a cluster of machines to prevent having to rebuild the INDEX file on each.
Reviewed by: portmgr
|
#
128473 |
|
20-Apr-2004 |
darrenr |
Add script for checking ipv6 blocked packets from PR.
PR: misc/50154 Submitted by: Kimura Fuyuki <fuyuki@hadaly.org>
|
#
123498 |
|
12-Dec-2003 |
jesper |
Fix typo, I forgot daily_ in front of the status_ata_raid_enable
|
#
121620 |
|
27-Oct-2003 |
jesper |
Add status checking of ATA raid to the daily periodic scripts.
|
#
112949 |
|
01-Apr-2003 |
jhb |
Complete removal of 320.rdist by removing its entry from periodic.conf and removing the related 220.backup-distfile script and associatd periodic.conf entry.
Discussed with: obrien
|
#
108959 |
|
08-Jan-2003 |
wollman |
Tighten wording of comment.
Suggested by: gshapiro
|
#
108958 |
|
08-Jan-2003 |
wollman |
Do not do manually what sendmail(8) can do better automatically. Tell sendmail to clean up its own host status cache. The error condition handling could probably be done better.
|
#
105937 |
|
25-Oct-2002 |
thomas |
Add a new /etc/periodic/security script to check for packets rejected by ipfilter (510.ipfdenied), and a corresponding periodic.conf knob (daily_status_security_ipfdenied_enable).
Reviewed by: roberto Approved by: re@
|
#
103948 |
|
25-Sep-2002 |
brian |
Add a pkg_version variable so that it's possible to run portsversion instead of pkg_version in periodic/weekly/400.status-pkg.
|
#
101607 |
|
09-Aug-2002 |
fanf |
Remove trailing whitespace.
|
#
94342 |
|
10-Apr-2002 |
gshapiro |
Update mail queue related periodic scripts to account for sendmail 8.12's clientmqueue (submit mail queue).
The new mailq display is only active if both the old daily_status_mailq_enable is set to "YES" and the new daily_status_include_submit_mailq is set to "YES" so people who disabled 440.status-mailq won't have any surprises.
Likewise, the new queue run is only active if both the old daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun is set to "YES" so people who disabled 500.queuerun won't have any surprises.
While I am here, remove the [ ! -d /var/spool/mqueue ] checks from both scripts as the queue directory isn't always /var/spool/mqueue for the main daemon -- it can be set to anything in the sendmail.cf file.
MFC after: 1 week
|
#
87514 |
|
07-Dec-2001 |
cjc |
Long ago, there was just /etc/daily. Then /etc/security was split out of /etc/daily. Some time later, /etc/daily became a set of periodic(8) scripts. Now, this evolution continues, and /etc/security has been broken into periodic(8) scripts to make local customization easier and more maintainable.
Reviewed by: ru Approved by: ru
|
#
85481 |
|
25-Oct-2001 |
ru |
Finish the removal of uucp scripts.
Forgotten by: kris
|
#
80368 |
|
26-Jul-2001 |
brian |
Remove $daily_status_named_logs and figure out which /var/log/messages* files to look an (in the same way that /etc/security does).
Don't single-quote $start, reducing it to an empty string.
MFC after: 3 days
|
#
77575 |
|
01-Jun-2001 |
ru |
Remove vestiges of MFS.
|
#
77496 |
|
30-May-2001 |
brian |
Default daily_accounting_flags to -q. I thought this was a typo in the originally submitted patch (oops!).
Also check for an empty $daily_accounting_save.
Submitted by: Udo Schweigert <Udo.Schweigert@cert.siemens.de>
|
#
77492 |
|
30-May-2001 |
brian |
Add $daily_accounting_save and $daily_accounting_flags
Submitted by: Udo Schweigert <Udo.Schweigert@cert.siemens.de> MFC after: 2 weeks
|
#
75809 |
|
21-Apr-2001 |
dirk |
Check for denied zone transfers (AXFR and IXFR).
|
#
74314 |
|
15-Mar-2001 |
brian |
Fix a comment
PR: 25831 Submitted by: quinot@inf.enst.fr
|
#
72677 |
|
19-Feb-2001 |
peter |
Move the sendmail -q from cron to periodic, as suggested by a few people. This has the benefit of adding a random start time element as daily processing takes a different amount of time on different machines.
|
#
71834 |
|
30-Jan-2001 |
brian |
Allow the output of /etc/security to be logged or mailed to different users in line with ${daily,weekly,monthly}_output using a new $daily_status_security_output variable.
PR: 24643
|
#
65843 |
|
14-Sep-2000 |
brian |
Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted by periodic(8). Output may be masked based on variable values in periodic.conf.
It's also now possible to email periodic output to arbitrary addresses, or to send it to a log file, examples of which can be found in newsyslog.conf.
The upshot of it all should be no discernable changes to the default behaviour of periodic(8).
PR: 21250
|
#
62644 |
|
05-Jul-2000 |
sheldonh |
The previous commit changed the df(1) units flag from -k to -h, which produced human-readable output. I like this, but it's certainly not something to change willy-nilly without discussion. Revert to -k.
Anyway, the new variable allows folks to pick any units flag that fits their fancy.
|
#
62636 |
|
05-Jul-2000 |
sheldonh |
Introduce a new option, daily_status_disks_df_flags, which specifies the command-line arguments to be used for the call to df(1) when daily_status_disks_enable is set to YES.
The name of the new variable was chosen by the maintainer of our periodic hierarchy, Brian Somers.
PR: 19631
|
#
62274 |
|
30-Jun-2000 |
brian |
Add $daily_status_mail_rejects_logs, defaulting to 3 to control how many /var/log/maillog* files to check
PR: 19587
|
#
62206 |
|
28-Jun-2000 |
brian |
Fix a comment
Submitted by: joe
|
#
62155 |
|
27-Jun-2000 |
brian |
Add weekly_status_pkg_enable (defaults to NO)
|
#
62054 |
|
25-Jun-2000 |
brian |
Allow compressed acct files
PR: 19483 Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
|
#
61981 |
|
22-Jun-2000 |
brian |
Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf. The only change in the default functionality should be that the output reports are slightly more verbose WRT files deleted.
Not objected to by: freebsd-arch
|