Daily, weekly, security scripts....
Willem Jan Withagen
wjw at digiware.nl
Thu May 24 07:49:52 UTC 2012
[I looked for a better list to drop this on, but other than freebsd-rc
nothing seems close.]
I nagged about the verbosity of the periodic scripts.
But did not give any example.
Well I just ran into a perfect example:
Checking setuid files and devices:
Checking for uids of 0:
Checking for passwordless accounts:
Checking login.conf permissions:
Checking for ports with mismatched checksums:
xx.xx.nl kernel log messages:
+++ /tmp/security.X5WEmRe8 2012-05-24 03:38:58.028927236 +0200
xx.xx.nl login failures:
xx.xx.nl refused connections:
Checking for a current audit database:
Database created: Wed May 23 03:45:00 CEST 2012
Checking for packages with security vulnerabilities:
0 problem(s) in your installed packages found.
-- End of security output --
Which does not really report anything other than the system is healthy.
Now because of the sheer volume (with about 20+ servers to maintain)
this goes into a separate bin, which I only check on less busy times.
Whereas it would go into my active mailbox when I only get alerts on
which I really need to handle.
This would call for something like $periodic_quiet??
and then generating the headers only if there was something to report.
I'd do it myself if only the day had 36 hours...
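
The filtering asked for above, sketched as an added example that is not part of the original post and is not code from periodic(8): a post-processing filter that keeps a section header only when a finding follows it. The names `quiet_report` and `BENIGN_RE`, the rule that a header is any line ending in ":", and the list of all-clear lines (taken from the healthy report quoted in the post) are assumptions; the sample reports are constructed.

```shell
#!/bin/sh
# Added example, not part of periodic(8): drop report sections without findings.
# Assumptions: a section header is any line ending in ":"; BENIGN_RE lists the
# all-clear body lines seen in the healthy report quoted in the post.
BENIGN_RE='^([+][+][+] /tmp/security[.]|Database created: |0 problem[(]s[)] in your installed packages found[.]$)'

quiet_report() {
    awk -v benign="$BENIGN_RE" '
        function flush(   i) {
            if (n > 0) {
                if (header != "") print header
                for (i = 1; i <= n; i++) print body[i]
            }
            n = 0
        }
        /^-- End of security output --$/ { next }   # trailer is not a finding
        /^[ \t]*$/                       { next }   # blank line
        /:$/       { flush(); header = $0; next }   # a new section starts
        $0 ~ benign                      { next }   # known all-clear line
        { body[++n] = $0 }                          # anything else is a finding
        END { flush() }
    '
}

# Constructed sample: the healthy report from the post, abridged.
sample_healthy() {
    cat <<'EOF'
Checking for uids of 0:
xx.xx.nl kernel log messages:
+++ /tmp/security.X5WEmRe8 2012-05-24 03:38:58.028927236 +0200
xx.xx.nl login failures:
Checking for a current audit database:
Database created: Wed May 23 03:45:00 CEST 2012
Checking for packages with security vulnerabilities:
0 problem(s) in your installed packages found.
-- End of security output --
EOF
}

# Constructed sample: a report with one made-up login failure line.
sample_finding() {
    cat <<'EOF'
Checking for uids of 0:
xx.xx.nl login failures:
May 24 02:11:07 xx sshd[1234]: Failed password for root from 192.0.2.10
Checking for packages with security vulnerabilities:
0 problem(s) in your installed packages found.
-- End of security output --
EOF
}
```

A wrapper would send mail only when `quiet_report` prints something; any line not listed in `BENIGN_RE` is kept, so an unrecognised message is reported instead of being silently dropped.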