From owner-freebsd-hackers Thu Jun 29 9:30:35 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from alpha.dante.org.uk (alpha.dante.org.uk [193.63.211.19]) by hub.freebsd.org (Postfix) with ESMTP id 06F2237BC23 for ; Thu, 29 Jun 2000 09:30:32 -0700 (PDT) (envelope-from Konstantin.Chuguev@dante.org.uk) Received: from theta.dante.org.uk ([193.63.211.7]) by alpha.dante.org.uk with esmtp (Exim 3.12 #4) id 137hCx-00010f-00 for freebsd-hackers@freebsd.org; Thu, 29 Jun 2000 17:30:31 +0100 Received: from localhost ([127.0.0.1] helo=dante.org.uk) by theta.dante.org.uk with esmtp (Exim 3.12 #4) id 137hCq-0001DI-00 for freebsd-hackers@freebsd.org; Thu, 29 Jun 2000 17:30:24 +0100 Message-ID: <395B79A0.AB99EA21@dante.org.uk> Date: Thu, 29 Jun 2000 17:30:24 +0100 From: Konstantin Chuguev Organization: Delivery of Advanced Networking Service to Europe Ltd. X-Mailer: Mozilla 4.73 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en, ru MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Subject: Periodic scripts [Was: Re: /etc/security -> /etc/periodic/security ?] References: <200006291558.LAA26175@rac9.wam.umd.edu> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG James Howard wrote: > Will we be seeing a move in this direction towards a more configurable > security script? Is anyone planning it? > > I am porting the scripts to Linux and will hold off on security if > nothing is being planned or make the changes myself. I just do not want > to duplicate efforts. > I have administered quite a big network of FreeBSD servers and routers for more than 3 years. These periodic scripts are one of the most attractive features for a sysadmin/netadmin in FreeBSD. I really enjoyed just reading a few dozens messages from my FreeBSD boxes every morning, telling me about problems or that everything is all right. Fortunately, all right was much more often :-) Unfortunately, the OK-messages are of the same size as any alerts, so one needs to read them carefully to notice any suspicious conditions. IMO, introducing a sort of silent mode to these periodic scripts would help sysadmins. The idea is as follows: At present there are groups of scripts (daily, weekly, monthly, security) that write their reports to one email message per group. Often that message consists just of OK or empty lines from every script. In the silent mode, scripts produce no output in case of success (each script knows its success condition itself). Or they can output something, but then they should return the 0 result code for success, non-zero otherwise. A meta-script (periodic) intercepts their output, waits for their results and sends the output to mail agent only if the results are non-zero. If all scripts finished successfully, the meta-script can send just one line (or even empty message, indicating that everything is OK) to a sysadmin. The silent mode could be enabled in rc.conf for instance... Your suggestions? Regards, Konstantin. -- * * Konstantin Chuguev - Application Engineer * * Francis House, 112 Hills Road * Cambridge CB2 1PQ, United Kingdom D A N T E WWW: http://www.dante.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message