From: Sergei Gnezdov
To: freebsd-questions@freebsd.org
Date: Sun, 13 Mar 2005 21:58:41 +0000 (UTC)
Reply-To: sgnezdov@sergei.homeunix.org
Subject: Howto monitor system security

Sorry, it is a rather generic message, but the problem is generic as well. I am running my FreeBSD machine on a DMZ. I use ipfw and I expose the http and smtp ports.
I also expose the sshd port, but only to a trusted network (work). I'd like to know what is the best way to monitor my machine's security. The FreeBSD security email is rather annoying, because it keeps sending messages even if nothing has changed. I need an email sent to me only if there is something abnormal. For example, I'd like to know if there is a significant change in network activity. My mailserver might be hijacked and sending spam. I am running snort, but most of the time it simply reports MySQL worm attempts. Is there a log to see messages sent by sendmail?
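On FreeBSD sendmail logs through syslog to /var/log/maillog. As an added example (not the poster's code and not part of FreeBSD), the script below shows the kind of "alert only when something is abnormal" check asked for above: it parses sendmail delivery lines and flags any hour whose count of delivered recipients is far above a baseline, which is one cheap indicator of a relay being abused to send spam. The log layout is sendmail's default and is assumed here; the hostname, queue ids, addresses and baseline are constructed for the example.

```python
"""Flag hours in which a sendmail host delivered far more mail than usual."""
import re
from collections import Counter

# One delivery line per recipient, assumed sendmail/syslog layout:
#   Mon DD HH:MM:SS host sm-mta[pid]: QUEUEID: to=<addr>, ..., stat=Sent (...)
SENT_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<hour>\d\d):\d\d:\d\d \S+ sm-mta\[\d+\]: "
    r"(?P<qid>\w+): to=<(?P<rcpt>[^>]+)>,.*\bstat=Sent\b"
)

def sent_per_hour(lines):
    """Count successfully delivered recipients per 'Mon DD HH' bucket."""
    counts = Counter()
    for line in lines:
        m = SENT_RE.match(line)
        if m:  # deferred/bounced recipients are skipped on purpose
            counts[f"{m['mon']} {m['day']} {m['hour']}"] += 1
    return counts

def abnormal_hours(counts, baseline, factor=5):
    """Return buckets whose count exceeds factor x the expected hourly volume."""
    return sorted(h for h, n in counts.items() if n > baseline * factor)

def _line(day, hour, minute, qid, rcpt):
    # Build one constructed delivery line in the assumed format.
    return (f"Mar {day} {hour:02d}:{minute:02d}:00 gw sm-mta[{4000 + minute}]: {qid}: "
            f"to=<{rcpt}>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, "
            f"pri=30512, relay=mx.example.org. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)")

# Constructed sample: a quiet hour 20 (2 deliveries) and a burst in hour 21 (40).
SAMPLE_MAILLOG = [_line(13, 20, m, f"j2DK{m:02d}000811", "bob@example.org") for m in (1, 7)]
SAMPLE_MAILLOG += [_line(13, 21, m, f"j2DL{m:02d}000811", f"u{m}@example.org")
                   for m in range(40)]
# A deferred delivery in the burst hour must not be counted as sent.
SAMPLE_MAILLOG.append(
    "Mar 13 21:05:00 gw sm-mta[4100]: j2DL05000812: to=<x@example.org>, delay=00:00:05, "
    "xdelay=00:00:05, mailer=esmtp, pri=30512, relay=mx.example.org. [192.0.2.10], "
    "dsn=4.0.0, stat=Deferred: Connection refused")

if __name__ == "__main__":
    counts = sent_per_hour(SAMPLE_MAILLOG)
    for hour in abnormal_hours(counts, baseline=3):
        print(f"ALERT: {counts[hour]} deliveries in hour {hour}, expected about 3")
```

Run it from cron against the real log and pipe any ALERT lines to mail; with no alert it prints nothing, so cron sends nothing.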