From owner-freebsd-bugs Sun Apr 16 2:35:35 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from cyndy.intextonline.com (cyndy.intextonline.com [216.18.25.8])
    by hub.freebsd.org (Postfix) with ESMTP id 86B8737B720
    for ; Sun, 16 Apr 2000 02:35:31 -0700 (PDT)
    (envelope-from glenn@intextonline.com)
Received: from localhost (localhost [127.0.0.1])
    by cyndy.intextonline.com (8.9.1/8.9.1) with SMTP id CAA19461
    for ; Sun, 16 Apr 2000 02:35:19 -0700
Date: Sun, 16 Apr 2000 02:35:18 -0700 (PDT)
From: inTEXT Communications
To: freebsd-bugs@freebsd.org
Subject: /etc/security
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello.

During private development of scripts for my company's use I have
added some simple lines to /etc/security which you may find useful
in future distributions. They are as follows:

# FreeBSD uname -a
3.4-RELEASE FreeBSD

# file /etc/security

# show log output of denied secondary bind transfer attempts
# This is covered to a degree in kernel messages, however
# does not show the actual IP requesting the zone transfer
separator
echo "$host checking for denied secondary zone transfers:"
echo ""
grep -i "unapproved AXFR from" $LOG/messages

# show present route status.
# I included this specifically because I use portsentry so that
# any probes to the network are dropped to an unused IP on
# my class c. By showing the route table it's easy enough
# to see any 'odd' routes that have been added.
# I suppose we could easily enough do this through a
# diff database as well instead of doing netstat -nr here.
# This might also be implemented in
# /etc/periodic/daily/420.status-network instead of here.
separator
echo "$host checking present route status by netstat -nr"
/usr/bin/netstat -nr

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Glenn Graham
inTEXT Communications
Vancouver, BC Canada
Corporate Intranet/Internet Security System Administration - FireWall Systems
Unix Based International Remote Networks
Bsdi NetBSD Solaris SCO Unix Programming
Website Zurich Switzerland: http://www.intextonline.li
WebSite North America: http://www.intextonline.com
PGP KEY: http://216.18.25.2/pgp.htm
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
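
The message mentions a "diff database" as an alternative to printing netstat -nr on every run. One way to do that, as an added example that is not part of the original post or of FreeBSD's /etc/security: the names check_routes, normalize_routes and ROUTE_CMD, and the routes.today file name, are assumptions made here.

```shell
#!/bin/sh
# Added example: report route table changes against a saved baseline.
# ROUTE_CMD is overridable so the check can be exercised on canned output.
ROUTE_CMD=${ROUTE_CMD:-"/usr/bin/netstat -nr"}

# Keep destination, gateway and flags only. The Refs/Use counters change
# on every run and would make a plain diff of netstat -nr fire constantly.
normalize_routes() {
    awk 'NF >= 3 && $1 != "Destination" { print $1, $2, $3 }' | sort -u
}

# check_routes BASELINE
#   returns 0 = unchanged (or first run), 1 = routes changed, 2 = no data
check_routes() {
    baseline=$1
    current=$(mktemp "${TMPDIR:-/tmp}/routes.XXXXXX") || return 2
    $ROUTE_CMD 2>/dev/null | normalize_routes > "$current"
    if [ ! -s "$current" ]; then
        # Empty output: command missing or failed; do not touch the baseline.
        rm -f "$current"
        return 2
    fi
    if [ ! -f "$baseline" ]; then
        mv "$current" "$baseline"        # first run: record the baseline
        return 0
    fi
    if cmp -s "$baseline" "$current"; then
        rm -f "$current"
        return 0
    fi
    echo "route table differences (< previous, > current):"
    diff "$baseline" "$current"
    # Keep the previous table for review, then report each change once.
    mv "$baseline" "$baseline.prev"
    mv "$current" "$baseline"
    return 1
}

# Possible use inside /etc/security (routes.today is an assumed name):
#   separator
#   echo "$host checking for route table changes:"
#   check_routes "$LOG/routes.today"
```
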