> Date: Fri, 9 Oct 2009 13:31:56 +0200
> From: be...@bah.homeip.net
> To: freebsd-questions@freebsd.org
> Subject: security run output
>
> Hello list!
>
> I'm getting the messages below far one machine and I can't
> remeber how managed to do that. I want
Hello list!
I'm getting the messages below far one machine and I can't
remeber how managed to do that. I want that for my other machines
as well, but can not remeber how to activate it.
Checking for a current audit database:
Database created: Wed Oct 7 03:55:02 CEST 2009
Checking for package
On Tue, Jun 05, 2007 at 04:11:24PM -0700, Peter Pluta wrote:
> mail.***.net setuid diffs:
> --- /var/log/setuid.today Mon May 21 03:02:30 2007
> +++ /tmp/security.wq6BsVcrSun Jun 3 03:01:48 2007
> @@ -20,7 +20,7 @@
> 377398 -r-sr-xr-x 2 root wheel 5828 Jul 30 16:19:57 2006
1 root smmsp 5236 Jul 30 16:20:07 2006
/usr/sbin/mailwrapper
923264 -r-sr-x--- 1 root network11636 Jul 30 16:20:07 2006
/usr/sbin/sliplogin
I have some more, I'm starting to understand it a bit better. Basically the
user:group id number has changed and the security run is letti
Roland Smith wrote:
On Wed, May 23, 2007 at 12:40:19PM -0700, PeterPluta wrote:
I see this quite regularly. What exactly is the http process doing? I'm
guessing this is the master process stopping and restarting when I rotate
logs or something. Can anyone confirm? There is usally more processes,
uot;[EMAIL PROTECTED]"
>
>
Ahh I see, so this isn't a good thing. I'm running Apahe with mod_php. I
don't see why it would be crashing, unless one of the web apps is buggy.
--
View this message in context:
http://ww
On Wed, May 23, 2007 at 12:40:19PM -0700, PeterPluta wrote:
>
> I see this quite regularly. What exactly is the http process doing? I'm
> guessing this is the master process stopping and restarting when I rotate
> logs or something. Can anyone confirm? There is usally more processes, 10-15
> or mo
In the last episode (May 23), PeterPluta said:
> I see this quite regularly. What exactly is the http process doing?
> I'm guessing this is the master process stopping and restarting when
> I rotate logs or something. Can anyone confirm? There is usally more
> processes, 10-15 or more.
>
> kernel
ay 23 03:01:42 2007
+pid 30865 (httpd), uid 80: exited on signal 4
--
View this message in context:
http://www.nabble.com/Security-Run-Output-Questions-tf3806074.html#a10771250
Sent from the freebsd-questions mailing list archive at Nabble.com.
___
fr
On Mon, May 21, 2007 at 11:59:33AM -0700, PeterPluta wrote:
> > Looks like you were portupgrading around with postfix, screen and xterm.
> >
> > The output is diff(1). See the man page for details, but it's basically
> > showing you the difference between last night's directory listing, and
> >
ial Technologies
> http://www.potentialtech.com
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
>
>
On Mon, 21 May 2007 11:34:25 -0700 (PDT)
PeterPluta <[EMAIL PROTECTED]> wrote:
>
> I did a lot of port hacking yesterday. By that I mean screwing up and redoing
> lots of things. Anyway, I woke up today to find this email in my inbox.
>
> Checking setuid files and devices:
>
> mail.placidpubli
? Specifically the @@ -19,9 +18,9 @@ stuff.
Also, why did this all of a sudden appear?
--
View this message in context:
http://www.nabble.com/Security-Run-Output-Setuid-Differences-tf3792025.html#a10724342
Sent from the freebsd-questions mailing list archive at Nabble.com
Jan L. Nauta schrieb:
>
> [...]
> +NSAN MI ISA 38, EIS3A8, E0I
> +S
> +A 0
> +<2<>N2>NMMII I SAIS A 38, E3I8S, AEI S0A NMI ISA 38, EISA 0 kernel trap
> +19 with interrupts disabled NMI ISA 28, EISA 0 NMNSAM I ISA 28,
> +EISA2 08
> [...]
> g_vfs_done():mirror/gm0s1f[READ(offset=356486479872, length
Hi,
SMP FreeBSD 6.2-RELEASE (i386), latest version via freebsd-update, on a
PentiumD based server with two ide drives running under gmirror.
Recently I've been getting the following messages in my daily security run
output mails:
+NMI INSAM I IS2A 8, EISA 20
+8,
+<2<>
Hi,
SMP FreeBSD 6.2-RELEASE (i386), latest version via freebsd-update, on a
PentiumD based server with two ide drives running under gmirror.
Recently I've been getting the following messages in my daily security run
output mails:
+NMI INSAM I IS2A 8, EISA 20
+8,
+<2<>
On 30 Aug nicky wrote:
> In your message you state, "Begin forwarded message [some Xorg update
> warnings deleted]:"
>
> Isn't it so that in your message, lines 3 to 12 are just port related
> binaries? (i assume xorg related). Meaning that ping/ping6, etc aren't
> updated at all. At least i don
My guess is that there is nothing to be worried about, however i could
be wrong. Let me explain..
This morning i received the same kind of message in my security run
output (yesterday i've updated all my ports):
Checking setuid files and devices:
nlp setuid diffs:
--- /var/log/setuid.
On 28 Aug David Robillard wrote:
> Did you reinstall the entire OS _before_ you installed Osiris? Did you
> find out why your SUID files had changed in the first place?
No. I did a "diff" with the same files on other freebsd-6.1 machines which
I'm absolutely certain are not compromised. The file
I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin (?)
Could someboddy ad
dick hoogendijk wrote:
I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin
I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin (?)
Could someboddy advi
ne has been attempting to break into my system. I usually read the
Security Run Output e-mails to see if the attacker(s) had made any headway,
and took necessary precautions (limiting ssh logins etc). However, last
week (after it seemed that the attacks had let up somewhat) I stopped
receiving the e-mai
d the Security Run Output
e-mails to see if the attacker(s) had made any headway, and took necessary
precautions (limiting ssh logins etc). However, last week (after it seemed
that the attacks had let up somewhat) I stopped receiving the e-mails (as well
as the daily run output e-mails). I still rea
PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bryan Curl
Sent: Tuesday, April 25, 2006 6:18 PM
To: freebsd-questions
Subject: Security Run Output
I get this or similar message in my Security Run Output every day.
Is it something to be concerned with?
lnut.bc.net ipf denied packets:
+++ /tmp
I get this or similar message in my Security Run Output every day.
Is it something to be concerned with?
lnut.bc.net ipf denied packets:
+++ /tmp/security.FsPOiq0v Fri Apr 21 03:03:51 2006
+1 @4 block out log first quick on dc0 all
+47571 @14 block in log first quick on dc0 all
OK, so every night the default install of FreeBSD generates a "security
run output" report for IPF denied packets. Here is a sample report;
> 221143 @2 block out log quick on dc0 from any to any head 15
> 92733 @2 block in log quick on dc0 from any to any head 10
> 20 @8 bl
On Sunday, 5 December 2004 at 11:33:23 -0500, Lowell Gilbert wrote:
> Kjell Midtseter <[EMAIL PROTECTED]> writes:
>
> > List members!
> >
> > My daily security run output contains lots of kernel log messages like the
> > following:
> > >
Kjell Midtseter <[EMAIL PROTECTED]> writes:
> List members!
>
> My daily security run output contains lots of kernel log messages like the
> following:
> > Connection attempt to UDP 10.0.0.10:1099 from 217.13.4.21:53
> > Connection attempt to UDP 10.0.0
List members!
My daily security run output contains lots of kernel log messages like the
following:
> Connection attempt to UDP 10.0.0.10:1099 from 217.13.4.21:53
> Connection attempt to UDP 10.0.0.10:3204 from 193.75.75.193:53
--
What are the significanse of these messages?
My ipf fi
Hello,
I'm hoping somebody on this list can shed some light on this.
My boss sent me a copy of his daily cron security run output, which
contained this:
localhost.local kernel log messages:
GEOM: create disk ad0 dp=0xc6b77d60
GEOM: create disk cd0 dp=0xc69a8600
We're a
Hello,
Does anybody know what this means when I see this in a daily security
run output?:
locahost.local kernel log messages:
GEOM: create disk ad0 dp=0xc6b77d60
GEOM: create disk cd0 dp=0xc69a8600
I don't recall ever seeing this in my daily outputs, but my boss sent me
an email with thi
This junk is normally seen in dmesg if you used the interactive kernel
configurator at the last boot.
On Wed, 1 Sep 2004, Charles M. Gerungan wrote:
> [fqdn] kernel log messages:
>
> > 'M-[M-c^_M-'M-ZM-c^_M-KM-ZM-c^_M-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^M
[fqdn] kernel log messages:
> 'M-[M-c^_M-'M-ZM-c^_M-KM-ZM-c^_M-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,^P=M^MM-,
*This message was transferred with a trial version of CommuniGate(tm) Pro*
>> ... MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
>No -- that's entirely harmless. If you look at /var/run/dmesg.boot,
>you see that it's just part of the normal kernel output during boot.
>Specif
On Sat, Aug 14, 2004 at 07:57:58AM -0500, Chris wrote:
> *This message was transferred with a trial version of CommuniGate(tm) Pro*
>
>
>
> First time I've ever seen this:
>
>
> server.tcslea.org kernel log messages:
> > ff
>
> (one long line - sorry for the wrapping)
>
> It appears to be CP
*This message was transferred with a trial version of CommuniGate(tm) Pro*
First time I've ever seen this:
server.tcslea.org kernel log messages:
> ff
(one long line - sorry for the wrapping)
It appears to be CPU related, but in what context? Is it something I need to
investigate, and if so
*This message was transferred with a trial version of CommuniGate(tm) Pro*
Hmm, I found:
/etc/periodic/security/700.kernelmsg
which seems to be what generates the information I was talking about in the email. So
I guess you were correct that it's not from /var/log/messages after all.
Having sa
Chris wrote:
When I get my nightly email from the "security run output" it normally has about the
last 20 lines or less from the /var/log/messages. Is there a way to increase that to about the
last 50 lines?
Thanks,
Chris
Hmm, I don't think that it's necessarily true t
*This message was transferred with a trial version of CommuniGate(tm) Pro*
When I get my nightly email from the "security run output" it normally has about the
last 20 lines or less from the /var/log/messages. Is there a way to increase that to
about the last 50 lines?
Tha
ilto:[EMAIL PROTECTED]
> Sent: Saturday, August 23, 2003 3:01 AM
> To: [EMAIL PROTECTED]
> Subject: kennedy.psknet.com security run output
>
>
>
> Checking setuid files and devices:
>
> Checking for uids of 0:
> root 0
> toor 0
>
> Checking for passwor
John Murphy <[EMAIL PROTECTED]> writes:
> Fuzzy <[EMAIL PROTECTED]> wrote:
> >
> >Is there any way to convince the kernel not to log these
> >incorrect arp messages?
> >
> >currently we have...
> >net.link.ether.inet.log_arp_wrong_iface: 1
> >
> >Is there a different sysctl or variable for rc.conf
Fuzzy <[EMAIL PROTECTED]> wrote:
>
>Is there any way to convince the kernel not to log these
>incorrect arp messages?
>
>currently we have...
>net.link.ether.inet.log_arp_wrong_iface: 1
>
>Is there a different sysctl or variable for rc.conf
>to stop it from logging incorrect information?
Indeed th
>On Fri, Jul 04, 2003 at 08:48:24AM -0400, Dave [Hawk-Systems] wrote:
>> >we have 4 servers running, each sends daily and security run output
>email each
>> >day around 3am. Recently one of them stopped sending these messages. In
>> >looking at the periodic.c
On Fri, Jul 04, 2003 at 08:48:24AM -0400, Dave [Hawk-Systems] wrote:
> >we have 4 servers running, each sends daily and security run output email each
> >day around 3am. Recently one of them stopped sending these messages. In
> >looking at the periodic.conf and associated di
>we have 4 servers running, each sends daily and security run output email each
>day around 3am. Recently one of them stopped sending these messages. In
>looking at the periodic.conf and associated directories, I don't see any
>problems or changes that I am aware of. There
we have 4 servers running, each sends daily and security run output email each
day around 3am. Recently one of them stopped sending these messages. In
looking at the periodic.conf and associated directories, I don't see any
problems or changes that I am aware of. There are no enrties in
i've managed to put together a
> somewhat secure firewall/gateway machine.
I'm wondering you never read the handbook as it's recommented by your
login message motd(5).
> Now, at regular intervals, e-mails are sent to me by the machine...
>
> HOST.DOMAIN.TLD securit
ay machine.
Now, at regular intervals, e-mails are sent to me by the machine...
HOST.DOMAIN.TLD security run output
HOST.DOMAIN.TLD daily run output
HOST.DOMAIN.TLD weekly run output
HOST.DOMAIN.TLD monthly run output
Now, I receive these e-mail regularly at differing times each day (as appropri
Hi folks..
I've got FreeBSD 4.7 running as my router to the net from local systems.
I am wanting the output from 'security run output' to be sent to my isp email
address.
The problem is that it's sending the mail to me but bouncing because it's
sending from FBSD.npg
50 matches
Mail list logo
