| #
693dc5e1 |
| 03-Mar-2023 |
bluhm <bluhm@openbsd.org> |
Process accounting and lastcomm(1) can detect execve(2) violations
of pinsyscall(2) policy. Report such findings in daily mail like
other security violations. User has to turn on accounting=YES in
Process accounting and lastcomm(1) can detect execve(2) violations
of pinsyscall(2) policy. Report such findings in daily mail like
other security violations. User has to turn on accounting=YES in
rc.conf.local to utilize this feature.
OK deraadt@
show more ...
|
| #
ca6cf7e7 |
| 19-Oct-2022 |
sthen <sthen@openbsd.org> |
Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them
interferes with programs using shm_open(3) which uses them as backing
files.
Problem pointed out by jeremy@ in relation to Post
Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them
interferes with programs using shm_open(3) which uses them as backing
files.
Problem pointed out by jeremy@ in relation to PostgreSQL.
Suggestion/ok tb@.
show more ...
|
| #
43edb082 |
| 20-Oct-2020 |
danj <danj@openbsd.org> |
Remove calls for df(1), netstat(1), and the verbose dump(1)
With this change, daily(8) only sends email when something looks
dubious.
Consequently VERBOSESTATUS is now a no-op and may be unset.
The
Remove calls for df(1), netstat(1), and the verbose dump(1)
With this change, daily(8) only sends email when something looks
dubious.
Consequently VERBOSESTATUS is now a no-op and may be unset.
The code is trivial and riddled with choices that look like personal
preferences. The old behavior can be achieved through
/etc/daily.local.
With schwarze@, tweak kn@, sthen@
OK schwarze@, kn@, jung@
show more ...
|
| #
f87fab9d |
| 08-Oct-2020 |
millert <millert@openbsd.org> |
Use find -delete instead of execing rm and rmdir.
OK sthen@ denis@
|
| #
dd06cfbc |
| 09-Sep-2019 |
bluhm <bluhm@openbsd.org> |
Inform about system call memory write protection and stack mapping
violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, s
Inform about system call memory write protection and stack mapping
violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@
show more ...
|
| #
227c47e9 |
| 25-Jul-2019 |
bluhm <bluhm@openbsd.org> |
Show unveil(2) violators in lastcomm(1) output and daily mail.
input Janne Johansson, schwarze@; OK deraadt@ millert@
|
| #
9b1733a3 |
| 06-Feb-2018 |
tb <tb@openbsd.org> |
Print an explicit error if the backup volume is not present in
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
N
Print an explicit error if the backup volume is not present in
hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.
ok rob, schwarze
show more ...
|
| #
6c69a1da |
| 10-Jul-2017 |
bluhm <bluhm@openbsd.org> |
Test if an acct file exists before trying to rename it. This silences
false warnings in the frist three daily mails after process accounting
has been turned on.
from Raf Czlonka
|
| #
f63f496d |
| 10-Jun-2017 |
bluhm <bluhm@openbsd.org> |
Report processes that were killed due to pledge or memory access
violations in the daily mail.
OK millert@ jmc@
|
| #
84d7baa2 |
| 29-Apr-2016 |
schwarze <schwarze@openbsd.org> |
Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.
Beside
Delete invocation of mailq(1) that was present for historical reasons.
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.
Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.
Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree
show more ...
|
| #
7b1e74d8 |
| 01-Apr-2016 |
ajacoutot <ajacoutot@openbsd.org> |
Tweak rcctl wording.
from ian@
|
| #
98a0419b |
| 01-Apr-2016 |
ajacoutot <ajacoutot@openbsd.org> |
Rename the 'faulty' list action to 'failed'; it clearer.
prodded by matthieu@
ok millert@ jung@ sthen@
|
| #
446b8f79 |
| 28-Jan-2016 |
schwarze <schwarze@openbsd.org> |
Run "rcctl ls faulty", which is silent when all services work as expected.
Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea
|
| #
9386ff05 |
| 30-Dec-2015 |
rpe <rpe@openbsd.org> |
Remove portslocks from /etc/daily. The ports LOCKDIR was moved from /tmp
to /usr/ports/pobj years ago.
OK millert@, ajacoutot@
|
| #
7b7912d5 |
| 29-Apr-2015 |
halex <halex@openbsd.org> |
VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still
worth noting
"go ahead" schwarze@
|
| #
c67deee9 |
| 17-Nov-2014 |
deraadt <deraadt@openbsd.org> |
Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they
Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many
show more ...
|
| #
a3c905d9 |
| 02-Jul-2014 |
sthen <sthen@openbsd.org> |
don't clear tmux session sockets in daily(8)'s tmp cleanup, from Rafael Zalamena
ok schwarze@
|
| #
a5dfd3e6 |
| 24-Apr-2014 |
tedu <tedu@openbsd.org> |
jmc spotted more ruptime tentacles
|
| #
f6e3d988 |
| 24-Apr-2014 |
tedu <tedu@openbsd.org> |
rm rwhod tentacles
|
| #
556c8930 |
| 12-Dec-2013 |
brad <brad@openbsd.org> |
Have df(1) in the daily output show the inodes used/free.
a few developers thought this was a reasonable/good idea.
|
| #
29db810a |
| 03-Nov-2013 |
deraadt <deraadt@openbsd.org> |
ugly spaces
|
| #
b69dc62c |
| 06-Jan-2013 |
deraadt <deraadt@openbsd.org> |
backout atactl check; I had warned that this would try a lot of code
paths which are rarely tried. Problem reported by a few on the list.
|
| #
8e49073f |
| 11-Dec-2012 |
ajacoutot <ajacoutot@openbsd.org> |
Add a SMART check using atactl(8) against disks that support and have
SMART enabled.
Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no sid
Add a SMART check using atactl(8) against disks that support and have
SMART enabled.
Committing now so that it gets broader testing.
Man page bits will be added once we are confident there is no side
effect and this can stay.
inputs from sthen@ halex@ weerd@
ok deraadt@
show more ...
|
| #
5d5582c6 |
| 11-Feb-2012 |
krw <krw@openbsd.org> |
Fix previous fix for /altroot processing. Should now work for both
duid and device entries in fstab. As a bonus make commented out
lines in fstab in-eligable for altroot detection.
ok halex@ deraadt@
|
| #
89a0c572 |
| 08-Feb-2012 |
krw <krw@openbsd.org> |
Let /altroot work with a duid-based fstab.
Reported by & fix tested by Dave Anderson. Thanks!
ok deraadt@
|