On Mon, Mar 14, 2005 at 10:30:02AM +0100, h p wrote:
> [...]
> > > FreeBSD security email is rather anoying, because it keeps sending
> > > messages even if nothing has changed. I need an email sent to me only
> > > if there is something abnormal.
> >
> > What happens when someone breaks in and di
Sergei Gnezdov wrote:
On 2005-03-14, Jerry Bell <[EMAIL PROTECTED]> wrote:
There are many tools that will send alerts to you, but very few that will
work "out of the box", without some level of tuning. There is a
collection of them here:
http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.
I've recently started using devialog (http://devialog.sourceforge.net/),
which is pretty good at sending exceptions to you.
Examlog (http://examlog.sourceforge.net/index.php) is by far the most
popular that I've seen, but I have not had a chance to try it on FreeBSD.
Lire (http://logreport.org/li
On 2005-03-14, Jerry Bell <[EMAIL PROTECTED]> wrote:
> There are many tools that will send alerts to you, but very few that will
> work "out of the box", without some level of tuning. There is a
> collection of them here:
> http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and here:
>
[...]
> > FreeBSD security email is rather anoying, because it keeps sending
> > messages even if nothing has changed. I need an email sent to me only
> > if there is something abnormal.
>
> What happens when someone breaks in and disables it from sending email?
>
> Think of it as a kind of heartb
Sergei,
As one of the other responses points out, it's possible that it would be
too late by the time a monitoring system was able to send an email to you.
One way to partly mitigate that risk is by having your logs forwarded to
another system, and having the analysis run from that machine. You
On Sun, Mar 13, 2005 at 09:58:41PM +, Sergei Gnezdov wrote:
> Sorry, it is a rather generic message, but the problem is a generic as
> well.
>
> I am running my FreeBSD machine on DMZ. I use ipfw and I expose http
> and smtp ports. I also expose sshd port, but only to a trusted
> network (wo
Sorry, it is a rather generic message, but the problem is a generic as
well.
I am running my FreeBSD machine on DMZ. I use ipfw and I expose http
and smtp ports. I also expose sshd port, but only to a trusted
network (work). I'd like to know what is the best way to monitor my
machine security.
