Date:      Sun, 10 Mar 2013 08:41:45 -0700
From:      Steve Rikli <sr@genyosha.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: periodic security always sends output mail
Message-ID:  <20130310154145.GA13034@dragon.genyosha.home>
In-Reply-To: <513C800A.2030605@qeng-ho.org>
References:  <khguhb$3ha$1@ger.gmane.org> <513C800A.2030605@qeng-ho.org>

On Sun, Mar 10, 2013 at 12:43:54PM +0000, Arthur Chance wrote:
> On 03/10/13 03:26, Steve Rikli wrote:
> >I would like to configure periodic on my FreeBSD servers to only send
> >daily/weekly/monthly/security mails (or logs) when there is something
> >"important" to report.
> >
> >I'm close, but periodic security seems to _always_ send mail, even
> >when there is nothing to report.
> 
> I suspect the logic is that by always sending a mail, even if it
> contains nothing important, it means that when you don't get mail
> you should check to see what happened. Otherwise an attacker could
> simply prevent periodic security checks to cover up any changes made
> and you'd just think there was nothing important to report.

You may be correct.  It may also be nothing more complicated than
"security is important", which is hard to argue with.  :-)

However it appears the logic has changed somewhat in FreeBSD-9 (my
1st example was from an 8.3 server), where the 450.status-security
script now sets and resets rc= conditionally, and it seems to behave
more closely to my desired behavior, though I need to test a bit.

One undesirable thing in the FreeBSD-9 scripts is it appears that
if you have daily_status_security_inline enabled, and mask away the
daily success & info results, the security results are also masked
away regardless of security success,info settings.

E.g. this config on a FreeBSD 9.1 system:

    daily_show_success="NO"
    security_show_success="NO"

    daily_show_info="NO"
    security_show_info="YES"

    daily_status_security_inline="YES"

apparently won't include security info events either, though I'm not
sure why not.  I'm still tuning and testing to get it set the way I
want.

Cheers,
sr.
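
An added sketch, not part of the original message and not FreeBSD's periodic code: it models the exit-status masking documented in periodic(8) to show how the configuration quoted above can hide security info results in inline mode. The function names, the badconfig values, and the assumption that the inline security run's exit status is filtered a second time by the daily_* settings are all assumptions of this example.

```shell
#!/bin/sh
# Simplified model of periodic(8) output masking; NOT FreeBSD's own script.
# Exit status meaning per periodic(8): 0 success, 1 info, 2 badconfig,
# anything higher is always reported.

# Settings from the message (the badconfig values are assumed here).
daily_show_success="NO";   security_show_success="NO"
daily_show_info="NO";      security_show_info="YES"
daily_show_badconfig="NO"; security_show_badconfig="NO"

# should_show RC SUCCESS INFO BADCONFIG: exit 0 if output with status RC is kept.
should_show() {
    case "$1" in
        0) [ "$2" != "NO" ] ;;
        1) [ "$3" != "NO" ] ;;
        2) [ "$4" != "NO" ] ;;
        *) return 0 ;;
    esac
}

# inline_report SECURITY_RC: print what would reach the daily mail.
# Assumption (hypothetical model): with daily_status_security_inline="YES" the
# security run's exit status becomes the status of the daily step that ran it,
# so the daily_* masks are applied on top of the security_* masks.
inline_report() {
    sec_rc=$1
    out=""
    # First filter: the security context's own masks.
    if should_show "$sec_rc" "$security_show_success" \
        "$security_show_info" "$security_show_badconfig"; then
        out="security output (rc=$sec_rc)"
    fi
    # Second filter: the daily context masks the same step by the same status.
    if [ -n "$out" ] && should_show "$sec_rc" "$daily_show_success" \
        "$daily_show_info" "$daily_show_badconfig"; then
        printf '%s\n' "$out"
    fi
    return 0
}

# Walk the four status classes and show what survives both filters.
for rc in 0 1 2 3; do
    printf 'security rc=%s -> daily mail shows: [%s]\n' \
        "$rc" "$(inline_report "$rc")"
done
```

Under this model only a status above 2 survives both filters, so an info-level security finding is dropped unless daily_show_info is also enabled.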


