Date: Sat, 2 Aug 2003 10:38:32 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 35400 for review Message-ID: <200308021738.h72HcW4P018569@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=35400 Change 35400 by rwatson@rwatson_paprika on 2003/08/02 10:37:38 Expand on the distinctions between the various periodic events and their relationship. Also document security-relevant activities by the other periodic events (daily, weekly, monthly). Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#5 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#5 (text+ko) ==== @@ -2726,11 +2726,16 @@ <sect2 id="secarch-security-event"> <title>Daily Security Event</title> - <para>The daily security event, executed once a day by the - system daily event, checks a variety of system security - properties, and generates a report that may be e-mailed to - the administrator, or sent to a file. - This report is intended to make it easier for administrators + <para>FreeBSD executes a series of periodic maintenance events at + regular intervals: a daily event, daily security event, weekly + event, and monthly event. + These events check system configuration and usage activities, + and report on the activities to the system administrator by + e-mail, or to a file. + A number of elements of these events, especially the daily + security event, report on changes in security-relevent + configuration and activities. + These reports are intended to make it easier for administrators to track security-related changes to the system, such as the addition or modification of users, changes to the file system namespace, events relating to the password @@ -2741,7 +2746,16 @@ of compromised systems, as they provide some basic tripwire functionality, as well as long term tracking of system configuration. - The following activities are performed by the daily + The following security-relevent activities are performed + by the daily event:</para> + + <itemizedlist> + <listitem><para>Diff the password and group databases against + the previous days backups; back up these databases for + future comparison and restore.</para></listitem> + </itemizedlist> + + <para>The following activities are performed by the daily security event:</para> <itemizedlist> @@ -2770,6 +2784,15 @@ <listitem><para>Report on any logged TCP wrapper failures. </para></listitem> </itemizedlist> + + <para>The following security-relevent activities are performed + by the weekly event:</para> + + <itemizedlist> + <listitem><para>Report on files with an unknown user or + group (owner not present in password or group database). + </para></listitem> + </itemizedlist> </sect2> <sect2 id="secarch-mac">
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308021738.h72HcW4P018569>