Re: portaudit and periodic

2008-12-20 Thread kareemy 
I believe I am incorrect. I checked further and it looks like
$daily_status_security_portaudit_enable defaults to YES in the
portaudit script so it should run fine. Everything seems to be
working. I don't know why I thought it wasn't running before. Sorry
for the trouble. Thanks.

On Sat, Dec 20, 2008 at 5:42 PM, kareemy kare...@gmail.com wrote:
 I am using FreeBSD 7-RELEASE. I installed portaudit. The FreeBSD
 handbook stated that during the install process, the configuration
 files for periodic will be updated, permitting portaudit output in the
 daily security runs.

 portaudit was not run in my daily security runs. There is no mention
 of portaudit in /etc/periodic.conf or /etc/defaults/periodic.conf. I
 read /usr/local/etc/periodic/security/410.portaudit and found that it
 references 3 variables:
 daily_status_security_portaudit_enable
 daily_status_security_portaudit_expiry
 daily_status_security_portaudit_user

 I can't find those variables defined anywhere in any periodic.conf
 file. I understand I can just manually add
 daily_status_security_portaudit_enable=YES to my periodic.conf and
 be good to go. But I am wondering about the discrepancy with the
 Freebsd handbook.

 Is the FreeBSD handbook out of date or incorrect in this regard or is
 there another reason why portaudit didn't update the periodic config
 files?

 Thanks,
 Kareem Dana

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: portaudit in periodic [SOLVED]

2007-12-24 Thread Andrea Venturoli 

Cristian KLEIN ha scritto:


But have you tried running these commands from the shell? It is very important
to check the scripts with the above SHELL  PATH environment. If the above works
from the shell, I'm pretty much out of ideas too.


Yes, and it did work.

In the end I realized the problem was that I have to use a proxy: from 
the shell portaudit picked up HTTP_PROXY and FTP_PROXY from the 
environment, while it didn't when launched from cron.


Obiously setting up portaudit.conf was the solution.

 bye  Thanks
av.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: portaudit in periodic

2007-12-17 Thread Andrea Venturoli 

Cristian KLEIN ha scritto:


I used to have problem with cron scripts, because cron uses another PATH then
what the script gets if it's run from the shell. Could you try the following
(assuming sh):

export SHELL=/bin/sh
export PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
export HOME=/var/log
periodic daily




Sorry if I reply this late: I tried something similar in crontab and let 
it test for a while, but nothing changed.

I'm really out of ideas here. :-(

 bye  Thanks
av.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: portaudit in periodic

2007-12-17 Thread Cristian KLEIN 
Andrea Venturoli wrote:
 Cristian KLEIN ha scritto:
 
 I used to have problem with cron scripts, because cron uses another
 PATH then
 what the script gets if it's run from the shell. Could you try the
 following
 (assuming sh):

 export SHELL=/bin/sh
 export PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
 export HOME=/var/log
 periodic daily


 
 Sorry if I reply this late: I tried something similar in crontab and let
 it test for a while, but nothing changed.
 I'm really out of ideas here. :-(

But have you tried running these commands from the shell? It is very important
to check the scripts with the above SHELL  PATH environment. If the above works
from the shell, I'm pretty much out of ideas too.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: portaudit in periodic

2007-11-26 Thread Cristian KLEIN 
Andrea Venturoli wrote:
 Hello.
 I'm running a dozen boxes (most being 6.2) with portaudit installed and
 I usually get a port vulnerability report in the daily security run.
 
 On one box, however, portaudit's db won't update automatically. The
 security reports will mention no vulnerability, even when I know they
 are there.
 Running periodic daily from a shell does it all for good, so that for
 a few days I'll see the correct warnings.

I used to have problem with cron scripts, because cron uses another PATH then
what the script gets if it's run from the shell. Could you try the following
(assuming sh):

export SHELL=/bin/sh
export PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
export HOME=/var/log
periodic daily

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: portaudit in periodic

2007-11-26 Thread RW 
On Mon, 26 Nov 2007 12:45:56 +0200
Cristian KLEIN [EMAIL PROTECTED] wrote:

 Andrea Venturoli wrote:

  On one box, however, portaudit's db won't update automatically. The
  security reports will mention no vulnerability, even when I know
  they are there.
  Running periodic daily from a shell does it all for good, so that
  for a few days I'll see the correct warnings.
 
 I used to have problem with cron scripts, because cron uses another
 PATH then what the script gets if it's run from the shell. 

That shouldn't be relevant, the update should be done as a side-effect
of the daily security run, and the path to portaudit is hard-coded into
the periodic script.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: portaudit in periodic

2007-11-23 Thread Andrea Venturoli 

RW ha scritto:


Have you checked its clock?


Yep.

# date
Fri Nov 23 18:13:17 CET 2007

Seems fine to me.

Also, it's running ntp, although I'd excpect something better from it.

 bye  Thanks
av.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: portaudit in periodic

2007-11-23 Thread RW 
On Fri, 23 Nov 2007 10:28:31 +0100
Andrea Venturoli [EMAIL PROTECTED] wrote:

 Hello.
 I'm running a dozen boxes (most being 6.2) with portaudit installed
 and I usually get a port vulnerability report in the daily security
 run.
 
 On one box, however, portaudit's db won't update automatically. The 
 security reports will mention no vulnerability, even when I know they 
 are there.
 Running periodic daily from a shell does it all for good, so that
 for a few days I'll see the correct warnings.

Have you checked its clock?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]