Date: Fri, 15 Dec 2006 13:10:30 -0600
From: Tuareg <tuaregmex@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: how do I see security logs without turning on sendmail?
Message-ID: <7a4a15bd0612151110n6fa86ba8hbe227f9a29d3e265@mail.gmail.com>
In-Reply-To: <200612132251.36352.lane@joeandlane.com>
References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com> <200612131733.32763.lane@joeandlane.com> <200612132251.36352.lane@joeandlane.com>
On 12/13/06, Lane <lane@joeandlane.com> wrote:
>
> Tuareg,
>
> I can't find the name of the guy who straightened me out on the function of
> squid, but kudos to him.
>
> Clearly squid is not the culprit.
>
> But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is
> the culprit.
>
> First let's have a look at your /etc/crontab file. Specifically we are
> interested in the lines which contain the term "periodic"

cat /etc/crontab | grep periodic

    #1 3 * * * root periodic daily
    #15 4 * * 6 root periodic weekly
    #30 5 1 * * root periodic monthly

All the lines are commented.

> If these lines include parameters, which are passed to /usr/sbin/periodic,
> then they may be the reason for your periodic emails being sent WITHOUT
> sendmail being enabled by the normal boot process.
>
> Take a look at /usr/sbin/periodic. Note that it uses values
> in /etc/defaults/periodic.conf as well as any override variables
> in /etc/rc.conf. It could also be overridden in other ways such as by
> defining the value "source_periodic_confs_defined" and "periodic_conf_files"
> but this should have already showed up in /etc/rc.conf.
>
> While you are examining /usr/sbin/periodic, look for the term "output"
> In my copy of that script there is a comment that looks like:
>
> #Where's our output going?
>
> Then there is a "case" block:
>
> case "$output" in
> /*) pipe="cat >>$output";;
> "") pipe=cat;;
> *) pipe="mail -s '$host ${arg##*/} run output' $output";;
> esac
>
> If your predecessor had modified this script or, perhaps overridden it
> using /etc/defaults/periodic.conf, then he may have either changed the *)
> default case, or supplied parameters from /etc/crontab
> (or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he
> used override variables, then he would probably also have added a case for
> )
> pipe="sendmail -<arg1> <arg2> <argn>"
>
> This would account for sendmail being completely disabled in /etc/rc.conf AND
> for the messages being sent out via sendmail. However, as I read it, the
> behaviour you have reported would only occur if /usr/sbin/periodic was
> actually modified, as the use of the "$output" variables does NOT seem to
> allow for invocation of sendmail directly. And I don't believe that "mail"
> can force invocation of sendmail (although I may be wrong, as the man page
> does imply that mail will use any means available to get the message out).
>
> If this is the case (i.e. if "mail" is invoking sendmail directly) you could
> check it by trying to send mail from the command line on one of the servers
> that actually does what you want it to do. If it works, and if there are NO
> modifications to /usr/sbin/periodic or override defaults
> in /etc/defaults/periodic.conf, then it will be safe to assume that
> this "feature" has been properly quashed in 6.x. You would then need to
> follow the procedures for setting up sendmail for outgoing-only, as many have
> already recommended.

Well this is the output of:

cat /usr/sbin/periodic | grep output

    tmp_output=`mktemp ${TMPDIR:-/tmp}/periodic.XXXXXXXXXX`
    # Where's our output going ?
    eval output=\$${arg##*/}_output
    case "$output" in
    /*) pipe="cat >>$output";;
    *) pipe="mail -s '$host ${arg##*/} run output' $output";;
    output=TRUE
    $file </dev/null >$tmp_output 2>&1
    if [ -s $tmp_output ]
    0) [ $success = NO ] && output=FALSE;;
    1) [ $info = NO ] && output=FALSE;;
    2) [ $badconfig = NO ] && output=FALSE;;
    [ $output = TRUE ] && { cat $tmp_output; empty=FALSE; }
    cp /dev/null $tmp_output
    echo "No output from the $processed file$plural processed"
    echo "-- End of $arg output --"
    rm -f $tmp_output

But /etc/defaults/periodic.conf doesn't appear to be modified, though we can't be sure 100% because we don't have another server with a fresh install of FreeBSD 4.6-RELEASE to compare.

Yes, we are able to send mails from the command line, so.. it could be that this feature was disabled for 6.x

> In any case, the behaviour you desire would only work properly by making the
> appropriate changes to /etc/mail/<hostname|freebsd>.mc, (i.e. SMART_HOST
> and/or HUB settings), and then running "make install" in /etc/mail. (And this
> is always going to be the case where sendmail is concerned)
>
> I hope this information leads you to a resolution, as it has been a great
> learning experience for me ... but my brain hurts :)
>
> lane
>

We wanted to ask and check with others before trying modifications in the files, so I guess that we'll finish doing what the documentation recommends.

Thank you for your help, we learned a lot too.
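An added example, not part of the thread and not FreeBSD's own code: a small sh audit that applies the three `case "$output"` patterns quoted above to every `*_output` assignment in periodic configuration text, reporting whether each run appends to a file, writes to stdout, or pipes to mail(1). The function names and the sample configuration are constructed for illustration; files are read in the order given, so a later one overrides an earlier one.

```shell
#!/bin/sh
# Same three patterns as the "case $output" block quoted in the thread.
classify_output() {
    case "$1" in
        /*) echo file ;;    # appended to that path, no mailer involved
        "") echo stdout ;;  # plain cat to stdout
        *)  echo mail ;;    # piped to mail(1), value used as recipient
    esac
}

# Print "<variable> <sink> [<value>]" for each *_output assignment.
# Input is parsed as text (never sourced); the last assignment wins.
# Values containing "$" are reported as unresolved, not guessed.
audit_periodic_output() {
    awk '
        /^[ \t]*[A-Za-z0-9_]+_output=/ {
            line = $0; sub(/^[ \t]*/, "", line)
            name = line; sub(/=.*/, "", name)
            val = line;  sub(/^[^=]*=/, "", val)
            sub(/[ \t]+#.*$/, "", val)        # trailing comment
            sub(/^["\047]/, "", val)          # opening quote
            sub(/["\047]$/, "", val)          # closing quote
            if (!(name in last)) order[++n] = name
            last[name] = val
        }
        END { for (i = 1; i <= n; i++) print order[i] "\t" last[order[i]] }
    ' "$@" | while IFS="$(printf '\t')" read -r name val; do
        case "$val" in
            *\$*) sink=unresolved ;;
            *)    sink=$(classify_output "$val") ;;
        esac
        printf '%s %s [%s]\n' "$name" "$sink" "$val"
    done
}

# Constructed sample: defaults first, then local overrides.
sample_conf() {
cat <<'EOF'
daily_output="root"      # default: mail to root
weekly_output="root"
monthly_output="root"
# local overrides (constructed)
daily_output="/var/log/daily.log"
weekly_output=""
EOF
}

sample_conf | audit_periodic_output
```

Any line reported as `mail` is a run that will hand its report to mail(1) regardless of whether the sendmail daemon is enabled at boot.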