From: Willem Jan Withagen
Date: Thu, 24 May 2012 09:49:48 +0200
To: FreeBSD Current
Subject: Daily, weekly, security scripts....
Message-ID: <4FBDE81C.9010909@digiware.nl>

[I looked for a better list to drop this on, but other than freebsd-rc nothing seems close.]

Hi,

I nagged about the verbosity of the periodic scripts. But did not give any example.
Well I just ran into a perfect example:

--
Checking setuid files and devices:

Checking for uids of 0:
root 0

Checking for passwordless accounts:

Checking login.conf permissions:

Checking for ports with mismatched checksums:

xx.xx.nl kernel log messages:
+++ /tmp/security.X5WEmRe8 2012-05-24 03:38:58.028927236 +0200

xx.xx.nl login failures:

xx.xx.nl refused connections:

Checking for a current audit database:
Database created: Wed May 23 03:45:00 CEST 2012

Checking for packages with security vulnerabilities:
0 problem(s) in your installed packages found.

-- End of security output --

Which does not really report anything other than the system is healthy.

Now because of the sheer volume (with about 20+ servers to maintain) this goes into a separate bin, which I only check on less busy times. Whereas it would go into my active mailbox when I only get alerts on which I really need to handle.

This would call for something like $periodic_quiet?? and then generating the headers only if there was something to report.

I'd do it myself if only the day had 36 hours...

--WjW
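
Added example, not part of the original mail and not FreeBSD's periodic code: a post-filter in sh/awk that prints a section header only when its section has something to report, run over the output quoted above. The function names, the rule that a header is any line ending in ":", and the list of "healthy" lines are assumptions taken from that one sample; the login-failure line in the demo is constructed.

```sh
#!/bin/sh
# The healthy report from the mail above, embedded as sample input.
sample_healthy() {
    cat <<'EOF'
--
Checking setuid files and devices:
Checking for uids of 0:
root 0
Checking for passwordless accounts:
xx.xx.nl kernel log messages:
+++ /tmp/security.X5WEmRe8 2012-05-24 03:38:58.028927236 +0200
xx.xx.nl login failures:
Checking for a current audit database:
Database created: Wed May 23 03:45:00 CEST 2012
Checking for packages with security vulnerabilities:
0 problem(s) in your installed packages found.
-- End of security output --
EOF
}

# Read a periodic security report on stdin; emit only sections that
# contain at least one line not on the benign list.
quiet_filter() {
    awk '
    function flush() {
        if (body != "") { if (hdr != "") print hdr; printf "%s", body }
        hdr = ""; body = ""
    }
    /^--( End of security output --)?$/ { next }   # mail framing
    /^[ \t]*$/ { next }                            # blank separators
    /:$/ { flush(); hdr = $0; next }               # assumed header form
    # Lines that only confirm a healthy state (site-specific assumption).
    /^root 0$/ { next }
    /^Database created: / { next }
    /^0 problem\(s\) in your installed packages found\.$/ { next }
    /^\+\+\+ \/tmp\/security\./ { next }           # diff header, no diff body
    { body = body $0 "\n" }                        # anything else is a finding
    END { flush() }
    '
}

# Demo: healthy report plus one constructed finding; only that section prints.
{ sample_healthy
  printf 'xx.xx.nl login failures:\nconstructed: 3 failed logins for admin\n'
} | quiet_filter
```

Anchoring the benign patterns to whole lines matters: an extra uid-0 account such as "toor 0" is not on the list, so its section still shows up.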