[Midnightbsd-cvs] src [11708] trunk/share/man/man5/periodic.conf.5: update period man page

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Mon Jul 9 09:08:18 EDT 2018 

Revision: 11708
          http://svnweb.midnightbsd.org/src/?rev=11708
Author:   laffer1
Date:     2018-07-09 09:08:17 -0400 (Mon, 09 Jul 2018)
Log Message:
-----------
update period man page

Modified Paths:
--------------
    trunk/share/man/man5/periodic.conf.5

Property Changed:
----------------
    trunk/share/man/man5/periodic.conf.5

Modified: trunk/share/man/man5/periodic.conf.5
===================================================================
--- trunk/share/man/man5/periodic.conf.5	2018-07-09 13:07:10 UTC (rev 11707)
+++ trunk/share/man/man5/periodic.conf.5	2018-07-09 13:08:17 UTC (rev 11708)
@@ -1,3 +1,4 @@
+.\" $MidnightBSD$
 .\"-
 .\" Copyright (c) 2000 Brian Somers <brian at Awfulhak.org>
 .\" All rights reserved.
@@ -23,9 +24,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $MidnightBSD$
+.\" $FreeBSD: stable/10/share/man/man5/periodic.conf.5 282243 2015-04-29 18:57:19Z jhb $
 .\"
-.Dd May 30, 2012
+.Dd March 26, 2015
 .Dt PERIODIC.CONF 5
 .Os
 .Sh NAME
@@ -335,6 +336,8 @@
 .Va daily_status_disks_enable
 is set to
 .Dq Li YES .
+The default is
+.Fl l Fl h .
 .It Va daily_status_zfs_enable
 .Pq Vt bool
 Set to
@@ -357,15 +360,6 @@
 .Va daily_status_zfs_enable
 to be set to
 .Li YES .
-.It Va daily_status_ata_raid_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-if you want to run
-.Nm atacontrol Cm status
-on your
-.Xr ataraid 4
-arrays.
 .It Va daily_status_gmirror_enable
 .Pq Vt bool
 Set to
@@ -408,6 +402,16 @@
 .Dq Li YES
 if you want to run
 .Nm netstat Fl i .
+.It Va daily_status_network_netstat_flags
+.Pq Vt str
+Set to additional arguments for the
+.Xr netstat 1
+utility when
+.Va daily_status_network_enable
+is set to
+.Dq Li YES .
+The default is
+.Fl d .
 .It Va daily_status_network_usedns
 .Pq Vt bool
 Set to
@@ -491,121 +495,6 @@
 .Va *_output
 variables above, namely it can be set either to one or more email addresses
 or to an absolute file name.
-.It Va daily_status_security_diff_flags
-.Pq Vt str
-Set to the arguments to pass to the
-.Xr diff 1
-utility when generating differences.
-The default is
-.Fl b u .
-.It Va daily_status_security_chksetuid_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to compare the modes and modification times of setuid executables with
-the previous day's values.
-.It Va daily_status_security_chkportsum_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to verify checksums of all installed packages against the known checksums in
-.Pa /var/db/pkg .
-.It Va daily_status_security_neggrpperm_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to check for files where the group of a file has less permissions than
-the world at large.
-When users are in more than 14 supplemental groups these negative
-permissions may not be enforced via NFS shares.
-.It Va daily_status_security_chkmounts_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to check for changes mounted file systems to the previous day's values.
-.It Va daily_status_security_noamd
-.Pq Vt bool
-Set to
-.Dq Li YES
-if you want to ignore
-.Xr amd 8
-mounts when comparing against yesterday's file system mounts in the
-.Va daily_status_security_chkmounts_enable
-check.
-.It Va daily_status_security_chkuid0_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to check
-.Pa /etc/master.passwd
-for accounts with UID 0.
-.It Va daily_status_security_passwdless_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to check
-.Pa /etc/master.passwd
-for accounts with empty passwords.
-.It Va daily_status_security_logincheck_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to check
-.Pa /etc/login.conf
-ownership, see
-.Xr login.conf 5
-for more information.
-.It Va daily_status_security_ipfwdenied_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to show log entries for packets denied by
-.Xr ipfw 8
-since yesterday's check.
-.It Va daily_status_security_ipfdenied_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to show log entries for packets denied by
-.Xr ipf 8
-since yesterday's check.
-.It Va daily_status_security_pfdenied_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to show log entries for packets denied by
-.Xr pf 4
-since yesterday's check.
-.It Va daily_status_security_ipfwlimit_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to display
-.Xr ipfw 8
-rules that have reached their verbosity limit.
-.It Va daily_status_security_kernelmsg_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to show new
-.Xr dmesg 8
-entries since yesterday's check.
-.It Va daily_status_security_loginfail_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to display failed logins from
-.Pa /var/log/messages
-in the previous day.
-.It Va daily_status_security_tcpwrap_enable
-.Pq Vt bool
-Set to
-.Dq Li YES
-to display connections denied by tcpwrappers (see
-.Xr hosts_access 5 )
-from
-.Pa /var/log/messages
-during the previous day.
 .It Va daily_status_mail_rejects_enable
 .Pq Vt bool
 Set to
@@ -617,22 +506,16 @@
 .Pq Vt num
 Set to the number of maillog files that should be checked
 for yesterday's mail rejects.
-.It Va daily_status_named_enable
+.It Va daily_status_ntpd
 .Pq Vt bool
 Set to
 .Dq Li YES
-if you want to summarise denied zone transfers (AXFR and IXFR)
-for the previous day.
-.It Va daily_status_named_usedns
+if you want to enable NTP status check.
+.It Va daily_status_world_kernel
 .Pq Vt bool
 Set to
 .Dq Li YES
-if you want to enable reverse DNS lookups.
-.It Va daily_status_ntpd
-.Pq Vt bool
-Set to
-.Dq Li YES
-if you want to enable NTP status check.
+to check the running userland and kernel are in sync.
 .It Va daily_queuerun_enable
 .Pq Vt bool
 Set to
@@ -718,6 +601,18 @@
 A list of directories under which orphaned files are searched for.
 This would usually be set to
 .Pa / .
+.It Va weekly_status_security_enable
+.Pq Vt bool
+Weekly counterpart of
+.Va daily_status_securiy_enable .
+.It Va weekly_status_security_inline
+.Pq Vt bool
+Weekly counterpart of
+.Va daily_status_securiy_inline .
+.It Va weekly_status_security_output
+.Pq Vt str
+Weekly counterpart of
+.Va daily_status_securiy_output .
 .It Va weekly_status_pkg_enable
 .Pq Vt bool
 Set to
@@ -785,6 +680,18 @@
 if you want to do login accounting using the
 .Xr ac 8
 command.
+.It Va monthly_status_security_enable
+.Pq Vt bool
+Monthly counterpart of
+.Va daily_status_securiy_enable .
+.It Va monthly_status_security_inline
+.Pq Vt bool
+Monthly counterpart of
+.Va daily_status_securiy_inline .
+.It Va monthly_status_security_output
+.Pq Vt str
+Monthly counterpart of
+.Va daily_status_securiy_output .
 .It Va monthly_local
 .Pq Vt str
 Set to a list of extra scripts that should be run after all other
@@ -791,6 +698,261 @@
 monthly scripts.
 All scripts must be absolute path names.
 .El
+.Pp
+The following variables are used by the standard scripts that reside in
+.Pa /etc/periodic/security .
+Those scripts are usually run from daily
+.Pq Va daily_status_security_enable ,
+weekly
+.Pq Va weekly_status_security_enable ,
+and monthly
+.Pq Va monthly_status_security_enable
+periodic hooks.
+The
+.Va ..._period
+of each script can be configured as
+.Dq daily ,
+.Dq weekly ,
+.Dq monthly
+or
+.Dq NO .
+Note that when periodic security scripts are run from
+.Xr crontab 5 ,
+they will be always run unless their
+.Va ..._enable
+or
+.Va ..._period
+variable is set to
+.Dq No .
+.Bl -tag -offset 4n -width 2n
+.It Va security_status_diff_flags
+.Pq Vt str
+Set to the arguments to pass to the
+.Xr diff 1
+utility when generating differences.
+The default is
+.Fl b u .
+.It Va security_status_chksetuid_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to compare the modes and modification times of setuid executables with
+the previous day's values.
+.It Va security_status_chksetuid_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_chkportsum_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to verify checksums of all installed packages against the known checksums in
+.Pa /var/db/pkg .
+.It Va security_status_chkportsum_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_neggrpperm_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to check for files where the group of a file has less permissions than
+the world at large.
+When users are in more than 14 supplemental groups these negative
+permissions may not be enforced via NFS shares.
+.It Va security_status_neggrpperm_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_chkmounts_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to check for changes mounted file systems to the previous day's values.
+.It Va security_status_chkmounts_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_noamd
+.Pq Vt bool
+Set to
+.Dq Li YES
+if you want to ignore
+.Xr amd 8
+mounts when comparing against yesterday's file system mounts in the
+.Va security_status_chkmounts_enable
+check.
+.It Va security_status_chkuid0_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to check
+.Pa /etc/master.passwd
+for accounts with UID 0.
+.It Va security_status_chkuid0_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_passwdless_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to check
+.Pa /etc/master.passwd
+for accounts with empty passwords.
+.It Va security_status_passwdless_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_logincheck_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to check
+.Pa /etc/login.conf
+ownership, see
+.Xr login.conf 5
+for more information.
+.It Va security_status_logincheck_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_ipfwdenied_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to show log entries for packets denied by
+.Xr ipfw 8
+since yesterday's check.
+.It Va security_status_ipfwdenied_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_ipfdenied_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to show log entries for packets denied by
+.Xr ipf 8
+since yesterday's check.
+.It Va security_status_ipfdenied_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_pfdenied_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to show log entries for packets denied by
+.Xr pf 4
+since yesterday's check.
+.It Va security_status_pfdenied_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_ipfwlimit_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to display
+.Xr ipfw 8
+rules that have reached their verbosity limit.
+.It Va security_status_ipfwlimit_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_kernelmsg_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to show new
+.Xr dmesg 8
+entries since yesterday's check.
+.It Va security_status_kernelmsg_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_loginfail_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to display failed logins from
+.Pa /var/log/messages
+in the previous day.
+.It Va security_status_loginfail_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.It Va security_status_tcpwrap_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+to display connections denied by tcpwrappers (see
+.Xr hosts_access 5 )
+from
+.Pa /var/log/messages
+during the previous day.
+.It Va security_status_tcpwrap_period
+.Pq Vt str
+Set to either
+.Dq Li daily ,
+.Dq Li weekly ,
+.Dq Li monthly
+or
+.Dq Li NO .
+.El
 .Sh FILES
 .Bl -tag -width ".Pa /etc/defaults/periodic.conf"
 .It Pa /etc/defaults/periodic.conf


Property changes on: trunk/share/man/man5/periodic.conf.5
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property

More information about the Midnightbsd-cvs mailing list