Date: Sun, 13 Mar 2005 21:58:41 +0000 (UTC) From: Sergei Gnezdov <use-reply-to@nofrom.not> To: freebsd-questions@freebsd.org Subject: Howto monitor system security Message-ID: <slrnd39e2s.1gru.use-reply-to@sergei.homeunix.org>
next in thread | raw e-mail | index | archive | help
Sorry, it is a rather generic message, but the problem is a generic as well. I am running my FreeBSD machine on DMZ. I use ipfw and I expose http and smtp ports. I also expose sshd port, but only to a trusted network (work). I'd like to know what is the best way to monitor my machine security. FreeBSD security email is rather anoying, because it keeps sending messages even if nothing has changed. I need an email sent to me only if there is something abnormal. For example, I'd like to know if there is a significant change in network activity. My mailserver might be hijacked and is sending spam. I am running snort, but most of the time it simply reports MySQL warm attempts. Is there a log to see messages sent by sendmail?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnd39e2s.1gru.use-reply-to>