From: Stuart Henderson
Subject: Re: changlist: add apmd(8) hooks
To: "Kirill A. Korinsky" , Klemens Nanni
Cc: , Tobias Heider
Date: Sat, 24 May 2025 11:20:58 +0100

Agreed. It would be unusual for these files to be binaries, and if they are and the user doesn't like security(8) results when the files change, they can always add + themselves.

This is ok sthen if the +s are removed.

--
Sent from a phone, apologies for poor formatting.

On 24 May 2025 10:59:02 Kirill A. Korinsky wrote:

> On Sat, 24 May 2025 05:15:24 +0200,
> Klemens Nanni wrote:
>>
>> 27.04.2023 14:16, Klemens Nanni wrote:
>>> On Thu, Apr 27, 2023 at 10:53:03AM +0000, Klemens Nanni wrote:
>>>> Would be nice to record changes to critical scripts run on state changes
>>>> and have modifications recorded through security(8).
>>>>
>>>> Feedback? Objection? OK?
>>>
>>> This gets ugly if you use binary files instead of scripts, so we'd either
>>> want their hashes or not handle them at all.
>>
>> Still in my tree, now there's /etc/apm/warnlow, too.
>>
>> These run as root and need no further config, so placing new files in /etc/apm/
>> is all you need; better track changes.
>>
>> Feedback? OK?
>
> Are you sure that + here is worth it?
>
>> Index: changelist
>> ===================================================================
>> RCS file: /cvs/src/etc/changelist,v
>> diff -u -p -r1.141 changelist
>> --- changelist 13 Apr 2025 20:04:02 -0000 1.141
>> +++ changelist 22 May 2025 05:48:40 -0000
>> @@ -11,6 +11,13 @@
>> /etc/acme-client.conf
>> /etc/adduser.conf
>> /etc/adduser.message
>> ++/etc/apm/hibernate
>> ++/etc/apm/powerdown
>> ++/etc/apm/powerup
>> ++/etc/apm/resume
>> ++/etc/apm/standby
>> ++/etc/apm/suspend
>> ++/etc/apm/warnlow
>> /etc/bgpd.conf
>> /etc/boot.conf
>> /etc/bootparams
>
> --
> wbr, Kirill
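
Review bot: the seven added /etc/apm/* entries each carry a leading `+` (the `++/etc/apm/hibernate` through `++/etc/apm/warnlow` lines), which changelist(5) uses for checksum-only tracking. The thread describes these hooks as scripts that run as root, so consider dropping the `+` so that security(8) reports what changed in a hook and not only that its hash differs. The checksum form only helps in the unusual case where a hook is a binary, and an admin can add the `+` locally for that. The commit message could also state the reason given in the mail, that any file placed in /etc/apm/ runs as root with no further config.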