On Mon, Mar 14, 2005 at 10:30:02AM +0100, h p wrote:
[...]
FreeBSD security email is rather anoying, because it keeps sending
messages even if nothing has changed. I need an email sent to me only
if there is something abnormal.
What happens when someone breaks in and disables it
Sergei Gnezdov wrote:
On 2005-03-14, Jerry Bell [EMAIL PROTECTED] wrote:
There are many tools that will send alerts to you, but very few that will
work out of the box, without some level of tuning. There is a
collection of them here:
I've recently started using devialog (http://devialog.sourceforge.net/),
which is pretty good at sending exceptions to you.
Examlog (http://examlog.sourceforge.net/index.php) is by far the most
popular that I've seen, but I have not had a chance to try it on FreeBSD.
Lire
On 2005-03-14, Jerry Bell [EMAIL PROTECTED] wrote:
There are many tools that will send alerts to you, but very few that will
work out of the box, without some level of tuning. There is a
collection of them here:
http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here:
[...]
FreeBSD security email is rather anoying, because it keeps sending
messages even if nothing has changed. I need an email sent to me only
if there is something abnormal.
What happens when someone breaks in and disables it from sending email?
Think of it as a kind of heartbeat.
Sorry, it is a rather generic message, but the problem is a generic as
well.
I am running my FreeBSD machine on DMZ. I use ipfw and I expose http
and smtp ports. I also expose sshd port, but only to a trusted
network (work). I'd like to know what is the best way to monitor my
machine security.
On Sun, Mar 13, 2005 at 09:58:41PM +, Sergei Gnezdov wrote:
Sorry, it is a rather generic message, but the problem is a generic as
well.
I am running my FreeBSD machine on DMZ. I use ipfw and I expose http
and smtp ports. I also expose sshd port, but only to a trusted
network (work).
Sergei,
As one of the other responses points out, it's possible that it would be
too late by the time a monitoring system was able to send an email to you.
One way to partly mitigate that risk is by having your logs forwarded to
another system, and having the analysis run from that machine. You