From owner-freebsd-newbies  Tue Mar  5 12: 2:28 2002
Delivered-To: freebsd-newbies@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id 945E937B402
	for <freebsd-newbies@freebsd.org>; Tue,  5 Mar 2002 12:02:25 -0800 (PST)
Received: from hades.hell.gr (patr530-a183.otenet.gr [212.205.215.183])
	by mailsrv.otenet.gr (8.12.2/8.12.2) with ESMTP id g25K2JDg025983;
	Tue, 5 Mar 2002 22:02:21 +0200 (EET)
Received: from hades.hell.gr (hades [127.0.0.1])
	by hades.hell.gr (8.12.2/8.12.2) with ESMTP id g25K2J0O004795;
	Tue, 5 Mar 2002 22:02:19 +0200 (EET)
	(envelope-from keramida@freebsd.org)
Received: (from charon@localhost)
	by hades.hell.gr (8.12.2/8.12.2/Submit) id g25K2GVE004794;
	Tue, 5 Mar 2002 22:02:16 +0200 (EET)
	(envelope-from keramida@freebsd.org)
X-Authentication-Warning: hades.hell.gr: charon set sender to keramida@freebsd.org using -f
Date: Tue, 5 Mar 2002 22:02:15 +0200
From: Giorgos Keramidas <keramida@freebsd.org>
To: Tom Beer <mailings@analogon.com>
Cc: freebsd-newbies@freebsd.org
Subject: Re: Security on Workstations
Message-ID: <20020305200215.GA4550@hades.hell.gr>
References: <20020304185950.C995437B419@hub.freebsd.org> <20020305032308.GA3537@hades.hell.gr> <00c401c1c436$47abbd00$0901a8c0@system>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00c401c1c436$47abbd00$0901a8c0@system>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-newbies@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-newbies.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-newbies>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-newbies>
X-Loop: FreeBSD.org

On 2002-03-05 12:09, Tom Beer wrote:
> > 
> > Finally, for those services that I have open, I run cronjobs that grep
> > through the daily logs, and mail root@localhost at the end of every day,
> > with any messages this service has generated.  Another log grep wrapper
> > filters all the random stuff, and sends only 'unrecognized' messages to
> > another post to root@localhost.
> 
> Can you post a/or some sample script/s that you execute with cronjob?

Sure, I've uploaded at freefall the set of scripts I have at home.  The
idea behind them was copied a year ago from /etc/periodic scripts.

You can find a sample set of log filters at:

	http://people.FreeBSD.org/~keramida/today.tgz

The tarball contains a today/* hierarchy.  The today/run.sh script is
suitable for putting in a crontab.  The scripts assume that all your
messages go into /var/log/messages, and that they will be able to read this
file.  A bit of editing might be needed to bring today/run.sh into shape.

Giorgos Keramidas                       FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}  http://www.FreeBSD.org/docproj/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message