From owner-p4-projects@FreeBSD.ORG Sat Aug 2 10:31:23 2003
Date: Sat, 2 Aug 2003 10:31:21 -0700 (PDT)
Message-Id: <200308021731.h72HVLf4018222@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 35398 for review

http://perforce.freebsd.org/chv.cgi?CH=35398

Change 35398 by rwatson@rwatson_paprika on 2003/08/02 10:30:21

	Flesh out the security event activities some.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#4 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#4 (text+ko) ====

@@ -2729,9 +2729,9 @@ The daily security event, executed once a day by the system daily event, checks a variety of system security properties, and generates a report that may be e-mailed to - the administrator, or sent to a file. This report is - intended to make it easier for administrators to track - security-related changes to the system, such as the + the administrator, or sent to a file. + This report is intended to make it easier for administrators + to track security-related changes to the system, such as the addition or modification of users, changes to the file system namespace, events relating to the password subsystem, high priority log messages, or changes in the 
@@ -2740,12 +2740,36 @@ these reports are often helpful in post-mortem analysis of compromised systems, as they provide some basic tripwire functionality, as well as long term tracking of - system configuration. + system configuration. + The following activities are performed by the daily + security event: - + + Report on changes in the set of setuid and + setgid binaries in the local file system. + Report on changes in the set of mounted + file systems and file system flags. + Report on any local users other than the root + user with a uid of 0. + Report on any users without passwords. + + Report on any logged IPFW packet denials. + + Report on any logged IPFilter packet denials. + + Report on any logged IPFW packet limits. + + Report on any logged IPv6 IPFW packet denials. + + Report on any logged IPv6 IPFW packet limits. + + Report on any changes in the kernel log + output. + Report on any logged login failures. + + Report on any logged TCP wrapper failures. + +
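
Review bot: in the first hunk (@@ -2729,9 +2729,9 @@) the sentence "This report is intended to make it easier for administrators to track security-related changes to the system" is only re-wrapped, with no wording change, which puts formatting noise into a content change. Consider keeping the original line breaks here, or making the re-wrap a separate change so that the content change in the following hunk is easier to review.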
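
Review bot: in the second hunk (@@ -2740,12 +2740,36 @@) the item "Report on any local users other than the root user with a uid of 0" is ambiguous, because "with a uid of 0" can be read as qualifying the root user rather than the users being reported. Suggest "Report on any local users with a uid of 0 other than root", which makes clear that the check flags additional superuser-equivalent accounts. The new list also does not fully match the overview sentence just above it: the overview mentions "the addition or modification of users" and "high priority log messages", but no list item covers general user additions or changes, so either add the missing items or adjust the overview. The IPFW items would also benefit from a short explanation of what a "packet limit" report is, since the term is used in two items without being defined.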