| Age | Commit message (Collapse) | Author |
|---|
|
violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@
|
|
input Janne Johansson, schwarze@; OK deraadt@ millert@
|
|
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.
ok rob, schwarze
|
|
false warnings in the frist three daily mails after process accounting
has been turned on.
from Raf Czlonka
|
|
violations in the daily mail.
OK millert@ jmc@
|
|
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.
Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.
Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree
|
|
from ian@
|
|
prodded by matthieu@
ok millert@ jung@ sthen@
|
|
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea
|
|
to /usr/ports/pobj years ago.
OK millert@, ajacoutot@
|
|
worth noting
"go ahead" schwarze@
|
|
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many
|
|
ok schwarze@
|
|
|
|
|
|
a few developers thought this was a reasonable/good idea.
|
|
|
|
paths which are rarely tried. Problem reported by a few on the list.
|
|
SMART enabled.
Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.
inputs from sthen@ halex@ weerd@
ok deraadt@
|
|
duid and device entries in fstab. As a bonus make commented out
lines in fstab in-eligable for altroot detection.
ok halex@ deraadt@
|
|
Reported by & fix tested by Dave Anderson. Thanks!
ok deraadt@
|
|
out by Arne Becker, who also supplied the diff, thanks!
ok schwarze@
agreed by many
|
|
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.
|
|
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.
|
|
ok phessler@ sthen@
|
|
Lots of agreement.
|
|
|
|
1) replace +%e by +%d, unescaped blanks don't work at all in file names
2) replace +%b by +%m to make log files sort better by month
3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d)
from Tim van der Molen <tbvdm at xs4all dot nl>, thanks!
ok okan@
|
|
1) advertise *.local and next_part near the top of the three scripts
2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim)
3) weekly: drop a comment trivially rehashing the next two lines of code
documenting next_part in the scripts was suggested by jmc@
ok sthen@ okan@ halex@; "i won't object" ajacoutot@
|
|
Do not attempt to copy a larger partition onto a smaller one.
Backup of non-ffs root partitions was never supported, so don't even try.
(Both of the above suggested by guenther@).
Also add error messages in case ROOTBACKUP is switched on but severely
misconfigured - those were silently ignored in the past:
/altroot not defined or wrong type or on the same device as root.
otto@ agrees that checking the sizes makes sense
|
|
suggested, tweaked and ok by guenther@
|
|
i.e. rely on the PATH set up in the root crontab(5)
in case /usr/local/bin is needed, daily.local is a logical place to append it
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ deraadt@;
"i don't strongly object" sthen@
|
|
by moving it down to the bottom of the code;
"I definitely like this" ajacoutot@
|
|
When set to 0, daily(8) won't send mail unless there is something to report.
Using feedback from kettenis@ henning@ jmc@
OK sthen@ jmc@
|
|
in order not to annoy parser scripts and their owners (like henning@)
|
|
add the same infrastructure to daily; silencing daily needs another step
discussed with ajacoutot@ okan@ todd@ sthen@ deraadt@ jmc@
"immediately commit" deraadt@ (without seeing the final diff)
|
|
while here, remove the misleading shbang and an unused variable
and add the missing cross reference to ac(8)
ok sthen@ jmc@
|
|
(output logs are still umask 077)
"i think this is right" deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
the / -> /altroot copy. OK deraadt@
|
|
|
|
ok millert@
|
|
|
|
millert@ ok
|
