From: Sergey Kandaurov
To: Willem Jan Withagen
Cc: FreeBSD Current
Date: Thu, 24 May 2012 16:01:32 +0400
In-Reply-To: <4FBDE81C.9010909@digiware.nl>
References: <4FBDE81C.9010909@digiware.nl>
Subject: Re: Daily, weekly, security scripts....

On 24 May 2012 11:49, Willem Jan Withagen wrote:
> [I looked for a better list to drop this on, but other than freebsd-rc
> nothing seems close.]
>
> Hi,
>
> I nagged about the verbosity of the periodic scripts.
> But did not give any example.
>
> Well I just ran into a perfect example:
> --
> Checking setuid files and devices:
>
> Checking for uids of 0:
> root 0
>
> Checking for passwordless accounts:
>
> Checking login.conf permissions:
>
> Checking for ports with mismatched checksums:
>
> xx.xx.nl kernel log messages:
> +++ /tmp/security.X5WEmRe8      2012-05-24 03:38:58.028927236 +0200
>
> xx.xx.nl login failures:
>
> xx.xx.nl refused connections:
>
> Checking for a current audit database:
>
> Database created: Wed May 23 03:45:00 CEST 2012
>
> Checking for packages with security vulnerabilities:
>
> 0 problem(s) in your installed packages found.
>
> -- End of security output --
>
> Which does not really report anything other than the system is healthy.
>
> Now because of the sheer volume (with about 20+ servers to maintain)
> this goes into a separate bin, which I only check on less busy times.
>
> Whereas it would go into my active mailbox when I only get alerts on
> which I really need to handle.
>
> This would call for something like $periodic_quiet??
> and then generating the headers only if there was something to report.
>
> I'd do it myself if only the day had 36 hours...

Hi,

you could try to start with:

security_show_success="NO"
daily_show_success="NO"

--
wbr,
pluknet