From: Mike Meyer
Date: Mon, 15 Oct 2001 14:37:05 -0500
To: "Patrick O'Reilly"
Cc: questions@freebsd.org
Subject: RE: today and yesterday log files
Message-ID: <15307.15073.674368.287740@guru.mired.org>

Patrick O'Reilly types:
> Hi again,
>
> Are you talking about setuid.yesterday, dmesg.yesterday and ipfw.yesterday?
>
> I have traced them to /etc/security. I have not read the script carefully
> enough to determine WHY it does that little trick, but that's where it
> happens.

It does that so it can show you what's *changed* since yesterday's
security run. In particular, changes to setuid files, ipfw rules and
mounted file systems are clues that something may be amiss. The dmesg
one is so that it shows you only the *new* dmesg output, not whatever
has accumulated since you last booted that hasn't been flushed.

http://www.mired.org/home/mwm/
Q: How do you make the gods laugh?
A: Tell them your plans.
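The today/yesterday comparison described in the reply above, as an added example that is not part of the original message and is not the FreeBSD /etc/security script. The function names, the state directory and the sample paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration of the today/yesterday snapshot pattern; this is NOT the
# FreeBSD /etc/security script. Function names and state directory are assumptions.

# snapshot_diff LABEL STATEDIR
# Reads the current state (one item per line) on stdin and compares it with
# STATEDIR/LABEL.today. On change: prints the diff, rotates .today to
# .yesterday, stores the new state, returns 1. Otherwise returns 0.
snapshot_diff() {
    label=$1
    today="$2/$label.today"
    yesterday="$2/$label.yesterday"
    tmp=$(mktemp "$2/$label.XXXXXX") || return 2
    sort > "$tmp"                       # stable order so only real changes differ
    if [ ! -f "$today" ]; then
        mv "$tmp" "$today"              # first run: record a baseline, report nothing
        return 0
    fi
    if cmp -s "$today" "$tmp"; then
        rm -f "$tmp"                    # nothing changed since the last run
        return 0
    fi
    echo "$label diffs:"
    diff "$today" "$tmp" || true        # diff exits 1 when files differ; expected here
    mv "$today" "$yesterday"
    mv "$tmp" "$today"
    return 1
}

# demo: two constructed "nightly runs" over a constructed setuid listing.
demo() {
    state=$(mktemp -d) || return 2
    printf '%s\n' /usr/bin/passwd /usr/bin/su | snapshot_diff setuid "$state"
    # Second run: a setuid file that was not there yesterday (constructed path).
    printf '%s\n' /usr/bin/passwd /usr/bin/su /home/alice/bin/helper |
        snapshot_diff setuid "$state"
    rc=$?
    rm -rf "$state"
    return "$rc"
}

# A real run would feed live state instead, for example:
#   find / -xdev -type f \( -perm -4000 -o -perm -2000 \) | snapshot_diff setuid /var/log
#   mount | snapshot_diff mount /var/log
demo || echo "change detected (exit status $?)"
```

Because the first run only records a baseline, a file that was already setuid before that run is never reported; the diff shows changes, not the absolute state.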