Date: Thu, 24 May 2012 16:01:32 +0400
From: Sergey Kandaurov <pluknet@gmail.com>
To: Willem Jan Withagen <wjw@digiware.nl>
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: Daily, weekly, security scripts....
Message-ID: <CAE-mSOKJfd1nnu7Gvyk2=9T%2BD-dc6PdURbg93sq1xuiRDvGF%2BA@mail.gmail.com>
In-Reply-To: <4FBDE81C.9010909@digiware.nl>
References: <4FBDE81C.9010909@digiware.nl>

On 24 May 2012 11:49, Willem Jan Withagen <wjw@digiware.nl> wrote:
> [I looked for a better list to drop this on, but other than freebsd-rc
> nothing seems close.]
>
> Hi,
>
> I nagged about the verbosity of the periodic scripts.
> But did not give any example.
>
> Well I just ran into a perfect example:
> --
> Checking setuid files and devices:
>
> Checking for uids of 0:
> root 0
>
> Checking for passwordless accounts:
>
> Checking login.conf permissions:
>
> Checking for ports with mismatched checksums:
>
> xx.xx.nl kernel log messages:
> +++ /tmp/security.X5WEmRe8      2012-05-24 03:38:58.028927236 +0200
>
> xx.xx.nl login failures:
>
> xx.xx.nl refused connections:
>
> Checking for a current audit database:
>
> Database created: Wed May 23 03:45:00 CEST 2012
>
> Checking for packages with security vulnerabilities:
>
> 0 problem(s) in your installed packages found.
>
> -- End of security output --
>
> Which does not really report anything other than the system is healthy.
>
> Now because of the sheer volume (with about 20+ servers to maintain)
> this goes into a separate bin, which I only check on less busy times.
>
> Whereas it would go into my active mailbox when I only get alerts on
> which I really need to handle.
>
> This would call for something like $periodic_quiet??
> and then generating the headers only if there was something to report.
>
> I'd do it myself if only the day had 36 hours...

Hi,
you could try to start with:

security_show_success="NO"
daily_show_success="NO"

-- 
wbr,
pluknet