> I've been adding an extra check in my local version of /etc/security for quite
> some time now. All it does is use 'netstat' to grab a list of the listening
> tcp and udp ports of my machine and save it to /var/log/netstat.today
> (and /var/log/netstat.yesterday). This way, when some service starts
> and listens on a new port the next run of /etc/security will log the
> fact in the usual stuff sent to root by mail. I tested this running
> /etc/periodic/daily/450.security twice, and running a local IRC daemon between
> the two runs. The output that is added to the message root receives looks
> like the following:
[.....]
I like this idea. I think it would be worth making it diff against
/dev/null when netstat.today doesn't exist, so that the first time
this is run on a given machine, you get to see all the ports that are
open.
[.....]
+[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
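Review bot: the stripped pattern is stored unquoted inside `$cmd`, so when `$cmd` is expanded to run the command the pattern is subject to word splitting and pathname expansion: an ignore pattern containing a space or a `*` is split into separate egrep arguments, and one beginning with `-` is parsed as an option. Keep the pattern in its own variable and quote it where it is used, e.g. `egrep -v -e "${ignore#|}"`. The `[ ... ] && cmd=... || cmd=cat` chain only behaves as an if/else because the assignment in the first branch cannot fail; an explicit `if [ -n "$ignore" ]; then ...; else cmd=cat; fi` says what is meant and will not fall through to `cat` if that branch ever grows a command that can fail. Note also that `${ignore#|}` removes exactly one leading `|`, so whatever assembles `ignore` (not in this excerpt) must guarantee exactly one leading separator.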
[.....]
I think this line is bogus. In fact, it looks like the
$daily_status_security_noamd periodic.conf tunable is broken.
Oops ! I'll fix it after your changes go in.
--
Brian <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
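The check described in the quoted message, with the diff-against-/dev/null suggestion from the reply folded in, as an added example: this is not the patch from the thread and not FreeBSD's own /etc/security. The function name `ports_check`, reading the snapshot from a file instead of running netstat, and the `netstat | awk` command shown in the comment are assumptions made here; the `netstat.today` / `netstat.yesterday` file names are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not the patch posted to freebsd-hackers.  It implements the
# check described in the thread: snapshot the listening ports, keep
# netstat.today / netstat.yesterday, and report what is new, diffing against
# /dev/null on the first run so every open port is listed once.
#
# The snapshot is taken from a file rather than by running netstat here, so
# the function can be exercised offline with constructed input.  On a live
# host you would produce it with a command such as the following (assumed;
# netstat output formats differ between systems):
#     netstat -an | awk '$1 ~ /^(tcp|udp)/ && ($1 ~ /^udp/ || $6 == "LISTEN")'

# ports_check SNAPSHOT LOGDIR [IGNORE]
#   SNAPSHOT  file holding the current listening-port list, one socket per line
#   LOGDIR    directory holding netstat.today and netstat.yesterday
#   IGNORE    optional extended regex; matching lines are left out of the report
# Prints the lines present now that were not present at the previous run.
ports_check() {
    snapshot=$1
    logdir=$2
    ignore=${3:-}
    today="$logdir/netstat.today"
    yesterday="$logdir/netstat.yesterday"

    # Rotate: the previous run's "today" becomes "yesterday".
    if [ -f "$today" ]; then
        mv "$today" "$yesterday"
    fi
    # Sort in the C locale so the diff does not depend on netstat's ordering.
    LC_ALL=C sort "$snapshot" > "$today"

    # First run on this machine: no history yet, so compare against an empty
    # file and the whole list is reported as new.
    [ -f "$yesterday" ] || yesterday=/dev/null

    # Added lines are marked '> ' in normal diff output; keep those, strip the
    # marker, then apply the ignore pattern.  The pattern is passed quoted and
    # via -e, so spaces, '*' or a leading '-' in it cannot be misinterpreted.
    if [ -n "$ignore" ]; then
        diff "$yesterday" "$today" | sed -n 's/^> //p' | grep -E -v -e "$ignore" || true
    else
        diff "$yesterday" "$today" | sed -n 's/^> //p'
    fi
}

# ---- constructed demonstration (not real netstat output) ------------------
demo=$(mktemp -d "${TMPDIR:-/tmp}/portsdemo.XXXXXX")

# Run 1: sshd and a loopback-only mailer are listening.
printf '%s\n' \
    'tcp4 0 0 *.22 *.* LISTEN' \
    'tcp4 0 0 127.0.0.1.25 *.* LISTEN' > "$demo/snap1"
# Run 2: the same, plus an IRC daemon started between the runs, as in the thread.
printf '%s\n' \
    'tcp4 0 0 *.22 *.* LISTEN' \
    'tcp4 0 0 127.0.0.1.25 *.* LISTEN' \
    'tcp4 0 0 *.6667 *.* LISTEN' > "$demo/snap2"

echo "== first run (diffed against /dev/null): every listener is reported =="
ports_check "$demo/snap1" "$demo"
echo "== second run: only the new IRC listener =="
ports_check "$demo/snap2" "$demo"

rm -rf "$demo"
```

Wiring it into a periodic script means writing the snapshot with the real netstat command, calling `ports_check` with `/var/log` as LOGDIR, and letting its output flow into the mail root already receives; an unchanged port list produces no output at all.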