Re: Recommendations on a daily script to check syslog (or other) server security

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Ted Unangst

Subject: Re: Recommendations on a daily script to check syslog (or other) server security

Date: Tuesday, April 14, 2009 - 1:03 pm

On Tue, Apr 14, 2009 at 3:28 PM, LeRoy, Ted <tleroy@lsisolutions.com> wrote:
quoted text> Hello folks,
>
> I'm pretty new to OpenBSD and BSD in general, but I have an OpenBSD
> Syslog server up and receiving data.  I'd like to have the system be
> pretty secure, and I'd like to monitor its security via a simple script
> that runs daily.
>
> Here's what I have in the script at the present time:
>
> { uptime ; date ; who ; ps -al ; cat /var/log/adduser ; cat
> /var/log/authlog ; cat /var/log/messages ; cat /var/log/secure ; cat
> /var/log/router ; } > daily-log.txt
>
> Can some of you BSD pro's out there recommend some additions or changes
> or other things that should be checked to help ensure the system isn't
> compromised?

Have you looked at /etc/daily?

quoted text> Is there a way to see who has logged into the system over a given period
> for example?  Who only tells me who's logged in when the command is run.

last

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Recommendations on a daily script to check syslog (or othe ..., LeRoy, Ted, (Tue Apr 14, 12:28 pm)

Re: Recommendations on a daily script to check syslog (or ..., Matheus Weber da Con ..., (Tue Apr 14, 12:47 pm)

Re: Recommendations on a daily script to check syslog (or ..., Joe Gidi, (Tue Apr 14, 12:51 pm)

Re: Recommendations on a daily script to check syslog (or ..., Cezary Morga, (Tue Apr 14, 12:53 pm)

Re: Recommendations on a daily script to check syslog (or ..., Ted Unangst, (Tue Apr 14, 1:03 pm)

Re: Recommendations on a daily script to check syslog (or ..., Ingo Schwarze, (Tue Apr 14, 1:11 pm)

Re: Recommendations on a daily script to check syslog (or ..., Dan Carley, (Wed Apr 15, 7:25 am)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Matthew Garrett	Re: [PATCH] Enable speedstep for sonoma processors.
Mauro Carvalho Chehab	Re: [PATCH 1/2] media: Add timberdale video-in driver
Peter Zijlstra	[PATCH 23/30] netvm: skb processing
Greg Kroah-Hartman	[PATCH 21/28] cgroupfs: create /sys/fs/cgroup to mount cgroupfs on
git:
Jan Hudec	Re: GIT push to sftp (feature request)
Steffen Prohaska	[PATCH 0/4] core.ignorecase
Johannes Schindelin	Re: Git checkout preserve timestamp?
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Johan Herland	Re: What's cooking in git.git (Oct 2010, #01; Wed, 13)
linux-netdev:
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Jan Engelhardt	Re: [PATCH] Fix netfilter xt_time's time_mt()'s use of do_div()
Herbert Xu	Re: [RFC PATCH 00/17] virtual-bus
Jeff Kirsher	Re: [net-next-2.6 PATCH] e1000e: don't inadvertently re-set INTX_DISABLE
git-commits-head:
Linux Kernel Mailing List	ALSA: hda - Enable beep on Realtek codecs with PCI SSID override
Linux Kernel Mailing List	Use path_put() in a few places instead of {mnt,d}put()
Linux Kernel Mailing List	mv643xx_eth: use sw csum for big packets
Linux Kernel Mailing List	arm: fix HAVE_CLK merge goof
Linux Kernel Mailing List	arm: convert pcm037 platform to use smsc911x
freebsd-current:
David Wolfskill	"interrupt storm..."; seems associated with an0 NIC
Andriy Gapon	Re: letting glabel recognise a media change
Garrett Cooper	Re: Only display ACPI bootmenu key if ACPI is present
Pyun YongHyeon	CFT: msk(4) Rx checksum offloading support
FreeBSD Tinderbox	[head tinderbox] failure on sparc64/sparc64