#
693dc5e1 |
| 03-Mar-2023 |
bluhm <bluhm@openbsd.org> |
Process accounting and lastcomm(1) can detect execve(2) violations of pinsyscall(2) policy. Report such findings in daily mail like other security violations. User has to turn on accounting=YES in
Process accounting and lastcomm(1) can detect execve(2) violations of pinsyscall(2) policy. Report such findings in daily mail like other security violations. User has to turn on accounting=YES in rc.conf.local to utilize this feature. OK deraadt@
show more ...
|
#
ca6cf7e7 |
| 19-Oct-2022 |
sthen <sthen@openbsd.org> |
Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them interferes with programs using shm_open(3) which uses them as backing files.
Problem pointed out by jeremy@ in relation to Post
Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them interferes with programs using shm_open(3) which uses them as backing files.
Problem pointed out by jeremy@ in relation to PostgreSQL. Suggestion/ok tb@.
show more ...
|
#
43edb082 |
| 20-Oct-2020 |
danj <danj@openbsd.org> |
Remove calls for df(1), netstat(1), and the verbose dump(1)
With this change, daily(8) only sends email when something looks dubious. Consequently VERBOSESTATUS is now a no-op and may be unset.
The
Remove calls for df(1), netstat(1), and the verbose dump(1)
With this change, daily(8) only sends email when something looks dubious. Consequently VERBOSESTATUS is now a no-op and may be unset.
The code is trivial and riddled with choices that look like personal preferences. The old behavior can be achieved through /etc/daily.local.
With schwarze@, tweak kn@, sthen@ OK schwarze@, kn@, jung@
show more ...
|
#
f87fab9d |
| 08-Oct-2020 |
millert <millert@openbsd.org> |
Use find -delete instead of execing rm and rmdir. OK sthen@ denis@
|
#
dd06cfbc |
| 09-Sep-2019 |
bluhm <bluhm@openbsd.org> |
Inform about system call memory write protection and stack mapping violations in system accounting. This will help to find missbehaving programs and possible attacks. The flags bit field is full, s
Inform about system call memory write protection and stack mapping violations in system accounting. This will help to find missbehaving programs and possible attacks. The flags bit field is full, so recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the AMAP flag as 'M'. daily(8) prints a list of affected processes. OK deraadt@
show more ...
|
#
227c47e9 |
| 25-Jul-2019 |
bluhm <bluhm@openbsd.org> |
Show unveil(2) violators in lastcomm(1) output and daily mail. input Janne Johansson, schwarze@; OK deraadt@ millert@
|
#
9b1733a3 |
| 06-Feb-2018 |
tb <tb@openbsd.org> |
Print an explicit error if the backup volume is not present in hw.disknames. This can only happen due to a failure or user error. In either case, silent failure makes it hard to discover and debug. N
Print an explicit error if the backup volume is not present in hw.disknames. This can only happen due to a failure or user error. In either case, silent failure makes it hard to discover and debug. Now it will be easy to spot in the daily mail.
ok rob, schwarze
show more ...
|
#
6c69a1da |
| 10-Jul-2017 |
bluhm <bluhm@openbsd.org> |
Test if an acct file exists before trying to rename it. This silences false warnings in the frist three daily mails after process accounting has been turned on. from Raf Czlonka
|
#
f63f496d |
| 10-Jun-2017 |
bluhm <bluhm@openbsd.org> |
Report processes that were killed due to pledge or memory access violations in the daily mail. OK millert@ jmc@
|
#
84d7baa2 |
| 29-Apr-2016 |
schwarze <schwarze@openbsd.org> |
Delete invocation of mailq(1) that was present for historical reasons. On a real mailserver, it's too noisy and may be a privacy concern. On a machine that's not a mailserver, it's pointless.
Beside
Delete invocation of mailq(1) that was present for historical reasons. On a real mailserver, it's too noisy and may be a privacy concern. On a machine that's not a mailserver, it's pointless.
Besides, Theo points out that running subsystems that potentially parse untrusted user data daily, at a predictable time, as root is not a very good idea in the first place.
Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree
show more ...
|
#
7b1e74d8 |
| 01-Apr-2016 |
ajacoutot <ajacoutot@openbsd.org> |
Tweak rcctl wording.
from ian@
|
#
98a0419b |
| 01-Apr-2016 |
ajacoutot <ajacoutot@openbsd.org> |
Rename the 'faulty' list action to 'failed'; it clearer.
prodded by matthieu@ ok millert@ jung@ sthen@
|
#
446b8f79 |
| 28-Jan-2016 |
schwarze <schwarze@openbsd.org> |
Run "rcctl ls faulty", which is silent when all services work as expected. Based on an original idea and a different patch from landry@. OK jung@ zhuk@ landry@ krw@ agreed to the general idea
|
#
9386ff05 |
| 30-Dec-2015 |
rpe <rpe@openbsd.org> |
Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp to /usr/ports/pobj years ago.
OK millert@, ajacoutot@
|
#
7b7912d5 |
| 29-Apr-2015 |
halex <halex@openbsd.org> |
VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still worth noting
"go ahead" schwarze@
|
#
c67deee9 |
| 17-Nov-2014 |
deraadt <deraadt@openbsd.org> |
Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the often space-constrained /var filesystem was a historical mistake. There are big implications for the daemons which assume they
Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the often space-constrained /var filesystem was a historical mistake. There are big implications for the daemons which assume they won't run out of space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had. vi.recover works just as well as before, except on memory filesystems; indicating that vi should be repaired to write files into homedirs or something.
done with rpe ok many
show more ...
|
#
a3c905d9 |
| 02-Jul-2014 |
sthen <sthen@openbsd.org> |
don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena ok schwarze@
|
#
a5dfd3e6 |
| 24-Apr-2014 |
tedu <tedu@openbsd.org> |
jmc spotted more ruptime tentacles
|
#
f6e3d988 |
| 24-Apr-2014 |
tedu <tedu@openbsd.org> |
rm rwhod tentacles
|
#
556c8930 |
| 12-Dec-2013 |
brad <brad@openbsd.org> |
Have df(1) in the daily output show the inodes used/free.
a few developers thought this was a reasonable/good idea.
|
#
29db810a |
| 03-Nov-2013 |
deraadt <deraadt@openbsd.org> |
ugly spaces
|
#
b69dc62c |
| 06-Jan-2013 |
deraadt <deraadt@openbsd.org> |
backout atactl check; I had warned that this would try a lot of code paths which are rarely tried. Problem reported by a few on the list.
|
#
8e49073f |
| 11-Dec-2012 |
ajacoutot <ajacoutot@openbsd.org> |
Add a SMART check using atactl(8) against disks that support and have SMART enabled.
Committing now so that it gets broader testing. Man page bits will be added once we are confident there is no sid
Add a SMART check using atactl(8) against disks that support and have SMART enabled.
Committing now so that it gets broader testing. Man page bits will be added once we are confident there is no side effect and this can stay.
inputs from sthen@ halex@ weerd@ ok deraadt@
show more ...
|
#
5d5582c6 |
| 11-Feb-2012 |
krw <krw@openbsd.org> |
Fix previous fix for /altroot processing. Should now work for both duid and device entries in fstab. As a bonus make commented out lines in fstab in-eligable for altroot detection.
ok halex@ deraadt@
|
#
89a0c572 |
| 08-Feb-2012 |
krw <krw@openbsd.org> |
Let /altroot work with a duid-based fstab.
Reported by & fix tested by Dave Anderson. Thanks!
ok deraadt@
|