

Last modified 2024-02-09 (Fri) 17:52:33


logcheck

[Reference URL] https://bellett.moe.hm/index.php/2018/06/26/freebsd-11-install-logcheck/

After running portupgrade -ar --batch, e-mails like the following started arriving about once an hour.

From: Cron Daemon <logcheck@sun1.smb.net>
To: root@sun1.smb.net
Subject: Cron <logcheck@sun1> if [ -x /usr/local/sbin/logcheck ]; then nice -n10 /usr/local/sbin/logcheck; fi

ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

Or, the following

Warning: If you are seeing this message, your log files may not have been
checked!

Details:
Could not run logtail or save output

Check temporary directory: /tmp/logcheck.LHFWZe

Also verify that the logcheck user can read all files referenced in
/usr/local/etc/logcheck/logcheck.logfiles!

declare -x BLOCKSIZE="K"
declare -x HOME="/var/lib/logcheck"
declare -x LANG="C.UTF-8"
declare -x LOGNAME="logcheck"
declare -x MAIL="/var/mail/logcheck"
declare -x MAILTO="root"
declare -x MM_CHARSET="UTF-8"
declare -x OLDPWD
declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
declare -x PWD="/var/lib/logcheck"
declare -x SHELL="/bin/sh"
declare -x SHLVL="1"
declare -x USER="logcheck"

also arrives.

Typing the command at the console

# root@sun1:/var/log:21_08_18:9:50 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

shows the output above, so I ran:

# chown -R root:logcheck /usr/local/etc/logcheck

This suppresses the hourly permission errors, but in addition:

# chown root:logcheck /var/log/auth.log
# chmod 640 /var/log/auth.log

/etc/mail/aliases

logcheck:	root
# newaliases

Add the alias

logcheck:	root

to /etc/mail/aliases, then run the following one-liner:

newaliases && chown -R root:logcheck /usr/local/etc/logcheck && chown root:logcheck /var/log/auth.log && chmod 640 /var/log/auth.log && su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
root@kuji:~:21_08_26:8:36 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied
root@kuji:~:21_08_26:8:37 # chown -R root:logcheck /usr/local/etc/logcheck
root@kuji:~:21_08_26:8:37 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
root@kuji:~:21_08_26:8:37 # chown root:logcheck /var/log/auth.log
root@kuji:~:21_08_26:8:37 # chmod 640 /var/log/auth.log
root@kuji:~:21_08_26:8:38 # newaliases
root@kuji:~:21_08_26:8:38 # newaliases
root@kuji:~:21_08_26:8:38 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
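
An added example, not part of the original page: a POSIX sh audit of the permission fix above. It checks that every log in a logcheck.logfiles-style list belongs to the expected group and is group-readable, and flags world-readable files. The function names, the script name audit.sh and the assumed list format (one path per line, `#` comments) are this example's own; it only reads `ls -ld` output and changes nothing.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed list format: one log
# path per line, '#' starts a comment, blank lines are ignored.

# check_one PATH GROUP: print one verdict line; return 1 on FAIL.
check_one() {
    path=$1; want=$2
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    # POSIX ls -ld: field 1 is the mode string, field 4 the group name.
    read -r mode group <<EOF
$(ls -ld "$path" | awk '{print $1, $4}')
EOF
    if [ "$group" != "$want" ]; then
        echo "FAIL $path: group is $group, expected $want"
        return 1
    fi
    case $mode in
        ????r*) ;;   # 5th character is the group read bit
        *) echo "FAIL $path: mode $mode is not group-readable"; return 1 ;;
    esac
    case $mode in
        ???????r*) echo "WARN $path: mode $mode is world-readable" ;;
        *)         echo "OK   $path: mode $mode, group $group" ;;
    esac
}

# audit_logfiles LIST GROUP: check every listed path; return 1 if any FAIL.
audit_logfiles() {
    list=$1; want=$2; rc=0
    while IFS= read -r line; do
        line=${line%%#*}    # strip comments
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        check_one "$line" "$want" || rc=1
    done < "$list"
    return "$rc"
}

# Usage on the host described above (paths and group taken from the page;
# audit.sh is a hypothetical file name for this script):
#   sh audit.sh /usr/local/etc/logcheck/logcheck.logfiles logcheck
if [ "$#" -eq 2 ]; then
    audit_logfiles "$1" "$2"
fi
```

On FreeBSD, newsyslog creates each rotated log with the mode and optional owner:group given in /etc/newsyslog.conf, so an auth.log changed only with chown/chmod can revert at the next rotation; re-run the audit afterwards.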
