Date:      Thu, 24 May 2012 16:01:32 +0400
From:      Sergey Kandaurov <pluknet@gmail.com>
To:        Willem Jan Withagen <wjw@digiware.nl>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: Daily, weekly, security scripts....
Message-ID:  <CAE-mSOKJfd1nnu7Gvyk2=9T%2BD-dc6PdURbg93sq1xuiRDvGF%2BA@mail.gmail.com>
In-Reply-To: <4FBDE81C.9010909@digiware.nl>
References:  <4FBDE81C.9010909@digiware.nl>

On 24 May 2012 11:49, Willem Jan Withagen <wjw@digiware.nl> wrote:
> [I looked for a better list to drop this on, but other than freebsd-rc
> nothing seems close.]
>
> Hi,
>
> I nagged about the verbosity of the periodic scripts.
> But did not give any example.
>
> Well I just ran into a perfect example:
> --
> Checking setuid files and devices:
>
> Checking for uids of 0:
> root 0
>
> Checking for passwordless accounts:
>
> Checking login.conf permissions:
>
> Checking for ports with mismatched checksums:
>
> xx.xx.nl kernel log messages:
> +++ /tmp/security.X5WEmRe8      2012-05-24 03:38:58.028927236 +0200
>
> xx.xx.nl login failures:
>
> xx.xx.nl refused connections:
>
> Checking for a current audit database:
>
> Database created: Wed May 23 03:45:00 CEST 2012
>
> Checking for packages with security vulnerabilities:
>
> 0 problem(s) in your installed packages found.
>
> -- End of security output --
>
> Which does not really report anything other than the system is healthy.
>
> Now because of the sheer volume (with about 20+ servers to maintain)
> this goes into a separate bin, which I only check on less busy times.
>
> Whereas it would go into my active mailbox when I only get alerts on
> which I really need to handle.
>
> This would call for something like $periodic_quiet??
> and then generating the headers only if there was something to report.
>
> I'd do it myself if only the day had 36 hours...

Hi,
you could try to start with:

security_show_success="NO"
daily_show_success="NO"

-- 
wbr,
pluknet
