Date: Thu, 06 Jul 2000 11:46:39 +0100
From: cillian@xiam.com
To: freebsd-hackers@freebsd.org
Subject: Re: /etc/security -> /etc/periodic/security ?
Message-ID: <3964638F.9162B7C@xiam.com>

> > why not even something like security_enable=[YES|NO] and
> > security_periode=[daily|weekly|monthly] defaulting to daily?

/etc/security is hard-wired in many respects to be run on a daily basis, i.e. it does lots of 'today/yesterday' diff reports. Anyway, I think security reports are important enough that you'd want to be informed daily, at the very least.

> That's just what we need - a configuration option that lets the admin
> turn security off. 8)

:)

While we're on the subject of /etc/security, just a few comments/suggestions..

For 'logfile' reports (login failures, kernel messages, refused connections, etc.), I think we should use the 'logtail' program or something similar. This could be run from cron on a frequent [i.e. hourly] basis, coinciding with newsyslog. This way, you don't have to wait for the daily security report to tell you something's wrong, and it should also eliminate duplicated data in reports as each report only shows the 'bad' messages since last run, as opposed to all the bad messages currently in the respective logfiles. [which is what it certainly does on 3.4, anyway]

Also, /var/log/kernel [syslog: kern.*] should be used in preference to dmesg as the source of kernel messages, as there's no risk of losing kernel messages that have disappeared from the system message buffer.

Better support for ipfw and ipf/ipmon would be nice, but I'd imagine most people just roll-their-own, when it comes to firewall scripts/status reports.

--
Cillian

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
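The "only the 'bad' messages since last run" reporting suggested in the message above, sketched as an added example; it is not part of the original e-mail, not the logtail program itself, and not FreeBSD's /etc/security. The function names, the state-file layout and the grep pattern are assumptions, and the log lines in `demo` are constructed.

```shell
#!/bin/sh
# Added example: logtail-style incremental reporting, not FreeBSD's /etc/security.

# new_lines LOG STATE: print only what was appended to LOG since the previous
# call. STATE (a hypothetical per-log file) stores "inode size" from that call.
new_lines() {
    log=$1 state=$2 old_inode='' offset=0
    [ -r "$log" ] || return 0
    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(wc -c < "$log" | tr -d ' ')
    if [ -r "$state" ]; then read -r old_inode offset < "$state" || true; fi
    offset=${offset:-0}
    # Rotated by newsyslog (new inode) or truncated: read from the start.
    if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$offset" ]; then
        offset=0
    fi
    # Emit exactly offset..size, so lines written while this run is in
    # progress are left for the next run instead of being skipped.
    if [ "$size" -gt "$offset" ]; then
        tail -c +"$((offset + 1))" "$log" | head -c "$((size - offset))"
    fi
    printf '%s %s\n' "$inode" "$size" > "$state"
}

# security_delta LOG STATE: only the 'bad' messages among the new lines.
# The pattern is an assumption for this example; adapt it to local syslog output.
security_delta() {
    new_lines "$1" "$2" | grep -Ei 'login failure|refused connect' || true
}

# demo: constructed log lines, three "cron runs", one rotation in between.
demo() {
    dir=$(mktemp -d); f=$dir/messages; s=$dir/messages.offset
    printf '%s\n' 'Jul  6 10:01:02 host login: 1 LOGIN FAILURE ON ttyv0' \
        'Jul  6 10:05:00 host sshd[91]: Accepted password for alice' > "$f"
    echo "run 1:"; security_delta "$f" "$s"
    echo 'Jul  6 11:02:03 host ftpd[77]: refused connect from 192.0.2.9' >> "$f"
    echo "run 2:"; security_delta "$f" "$s"     # only the 11:02 line
    mv "$f" "$f.0"                              # rotation, as newsyslog would do
    echo 'Jul  6 12:00:09 host login: 2 LOGIN FAILURES ON ttyv1' > "$f"
    echo "run 3:"; security_delta "$f" "$s"     # new file, read from byte 0
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with `sh script.sh demo` to see the three runs; from cron, the output of `security_delta` would be piped to mail only when non-empty.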