CONTENTS
Lastmodified 2024-02-09 (金) 17:52:33
【参考URL】https://bellett.moe.hm/index.php/2018/06/26/freebsd-11-install-logcheck/
portupgrade -ar --batch をした後から、一時間に1回程度の割合で以下の様なメールが着信するようになった。
From: Cron Daemon <logcheck@sun1.smb.net> To: root@sun1.smb.net Subject: Cron <logcheck@sun1> if [ -x /usr/local/sbin/logcheck ]; then nice -n10 /usr/local/sbin/logcheck; fi ls: /usr/local/etc/logcheck/cracking.d: Permission denied ls: /usr/local/etc/logcheck/violations.d: Permission denied ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied
あるいは、
Warning: If you are seeing this message, your log files may not have been checked! Details: Could not run logtail or save output Check temporary directory: /tmp/logcheck.LHFWZe Also verify that the logcheck user can read all files referenced in /usr/local/etc/logcheck/logcheck.logfiles! declare -x BLOCKSIZE="K" declare -x HOME="/var/lib/logcheck" declare -x LANG="C.UTF-8" declare -x LOGNAME="logcheck" declare -x MAIL="/var/mail/logcheck" declare -x MAILTO="root" declare -x MM_CHARSET="UTF-8" declare -x OLDPWD declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" declare -x PWD="/var/lib/logcheck" declare -x SHELL="/bin/sh" declare -x SHLVL="1" declare -x USER="logcheck"
とも
コンソールからコマンドを打つと
# root@sun1:/var/log:21_08_18:9:50 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck" ls: /usr/local/etc/logcheck/cracking.d: Permission denied ls: /usr/local/etc/logcheck/violations.d: Permission denied ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied
と表示される。
ので、
# chown -R root:logcheck /usr/local/etc/logcheck
した。 毎時のpermission エラー は抑制されるが、さらに
# chown root:logcheck /var/log/auth.log # chmod 640 /var/log/auth.log
/etc/mail/aliases
logcheck: root
# newaliases
/etc/mail/aliases へ
logcheck: root
というエイリアスを作成(書き込み)して、次のワンライナーを実行するヨロシ
newaliases && chown -R root:logcheck /usr/local/etc/logcheck && chown root:logcheck /var/log/auth.log && chmod 640 /var/log/auth.log && su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
root@kuji:~:21_08_26:8:36 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck" ls: /usr/local/etc/logcheck/cracking.d: Permission denied ls: /usr/local/etc/logcheck/violations.d: Permission denied ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied root@kuji:~:21_08_26:8:37 # chown -R root:logcheck /usr/local/etc/logcheck root@kuji:~:21_08_26:8:37 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck" root@kuji:~:21_08_26:8:37 # chown root:logcheck /var/log/auth.log root@kuji:~:21_08_26:8:37 # chmod 640 /var/log/auth.log root@kuji:~:21_08_26:8:38 # newaliases root@kuji:~:21_08_26:8:38 # newaliases root@kuji:~:21_08_26:8:38 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
Total access 1421:本日 1:昨日 0