* logcheck [#r77221cd]

Reference URL: https://bellett.moe.hm/index.php/2018/06/26/freebsd-11-install-logcheck/

After running portupgrade -ar --batch, mail like the following started arriving about once an hour.

 From: Cron Daemon <logcheck@sun1.smb.net>
 To: root@sun1.smb.net
 Subject: Cron <logcheck@sun1> if [ -x /usr/local/sbin/logcheck ]; then nice -n10 /usr/local/sbin/logcheck; fi
 
 ls: /usr/local/etc/logcheck/cracking.d: Permission denied
 ls: /usr/local/etc/logcheck/violations.d: Permission denied
 ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
 ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
 ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

Or, alternatively, this one (the environment dump is part of the mail):

 Warning: If you are seeing this message, your log files may not have been checked!
 
 Details:
 Could not run logtail or save output
 
 Check temporary directory: /tmp/logcheck.LHFWZe
 
 Also verify that the logcheck user can read all files referenced in
 /usr/local/etc/logcheck/logcheck.logfiles!
 
 declare -x BLOCKSIZE="K"
 declare -x HOME="/var/lib/logcheck"
 declare -x LANG="C.UTF-8"
 declare -x LOGNAME="logcheck"
 declare -x MAIL="/var/mail/logcheck"
 declare -x MAILTO="root"
 declare -x MM_CHARSET="UTF-8"
 declare -x OLDPWD
 declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
 declare -x PWD="/var/lib/logcheck"
 declare -x SHELL="/bin/sh"
 declare -x SHLVL="1"
 declare -x USER="logcheck"

Running the same command from the console as the logcheck user shows the same errors:

 root@sun1:/var/log:21_08_18:9:50 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
 ls: /usr/local/etc/logcheck/cracking.d: Permission denied
 ls: /usr/local/etc/logcheck/violations.d: Permission denied
 ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
 ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
 ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

So I ran

 # chown -R root:logcheck /usr/local/etc/logcheck

That suppresses the hourly permission errors, but the following were also needed:

 # chown root:logcheck /var/log/auth.log
 # chmod 640 /var/log/auth.log

and in /etc/mail/aliases:

 logcheck: root
 # newaliases

----
In short: add the alias logcheck: root to /etc/mail/aliases and run the following one-liner.

 newaliases && chown -R root:logcheck /usr/local/etc/logcheck && chown root:logcheck /var/log/auth.log && chmod 640 /var/log/auth.log && su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"

Mode 640 with group logcheck gives read access to the logcheck group only, so auth.log stays unreadable to other unprivileged users. Note that newsyslog(8) recreates the file with the owner, group and mode given in /etc/newsyslog.conf when it rotates auth.log (the port's install message below points there as well), so the same root:logcheck and 640 must be set in that file or the chown/chmod is lost at the next rotation.

Session transcript:

 root@kuji:~:21_08_26:8:36 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
 ls: /usr/local/etc/logcheck/cracking.d: Permission denied
 ls: /usr/local/etc/logcheck/violations.d: Permission denied
 ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
 ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
 ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied
 root@kuji:~:21_08_26:8:37 # chown -R root:logcheck /usr/local/etc/logcheck
 root@kuji:~:21_08_26:8:37 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
 root@kuji:~:21_08_26:8:37 # chown root:logcheck /var/log/auth.log
 root@kuji:~:21_08_26:8:37 # chmod 640 /var/log/auth.log
 root@kuji:~:21_08_26:8:38 # newaliases
 root@kuji:~:21_08_26:8:38 # newaliases
 root@kuji:~:21_08_26:8:38 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"

----
* logcheck install 2024-02-09 [#b27f4ed2]

 # cd /usr/ports/security/logcheck
 # make install clean

&ref(logcheck_options.PNG);

 Creating group 'logcheck' with gid '915'.
 ===> Creating users
 Creating user 'logcheck' with uid '915'.
 ===> Creating homedir(s)
 ==> Created crontab(5) file for user "logcheck"
 
 Please make sure that all files listed in
 /usr/local/etc/logcheck/logcheck.logfiles.d/syslog.logfiles
 are readable to the 'logcheck' group (see also /etc/newsyslog.conf),
 or remove them from the aforementioned logcheck configuration file.
 
 For information on how to write local rulesets see
 /usr/local/share/doc/logcheck/README.logcheck-database
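As an added example (my own code, not from this page or the logcheck project), the script below does the check the install message asks for: run as root, it prints every rule directory, logfile list and listed log that the logcheck user could not read, so it can be run before and after the chown/chmod steps above. It assumes the FreeBSD port layout used on this page and judges access from the owner, group and mode that ls -ld reports instead of switching user, so it also runs on a plain Linux box; the function names and the test files are my own.

```sh
#!/bin/sh
# Preflight check for logcheck's read permissions (added example, not from the
# page or the logcheck port). Assumes /usr/local/etc/logcheck with the rule
# directories named in the cron mail, plus logcheck.logfiles and
# logcheck.logfiles.d/*.logfiles; function names are hypothetical.

# can_read USER "GROUPS" PATH: succeed if USER, a member of the space-separated
# GROUPS, may read PATH (for a directory: list it and open its entries).
can_read() {
    u=$1 groups=$2 p=$3
    [ "$u" = root ] && return 0
    set -- $(ls -ld "$p" 2>/dev/null)          # mode links owner group ...
    [ -n "$4" ] || return 1                    # missing or unlistable path
    mode=$1 owner=$3 group=$4
    if [ "$owner" = "$u" ]; then
        perm=$(printf %s "$mode" | cut -c2-4)
    elif printf ' %s ' "$groups" | grep -qF " $group "; then
        perm=$(printf %s "$mode" | cut -c5-7)
    else
        perm=$(printf %s "$mode" | cut -c8-10)
    fi
    case $mode:$perm in
        d*:r?[xst]) return 0 ;;   # directory needs r (list) and x (traverse)
        d*:*)       return 1 ;;
        *:r??)      return 0 ;;
        *)          return 1 ;;
    esac
}

# list_unreadable USER "GROUPS" ETCDIR: print each rule directory, logfile list
# and listed log under ETCDIR that USER cannot read, one path per line.
list_unreadable() {
    u=$1 groups=$2 etc=$3
    for d in cracking.d violations.d violations.ignore.d \
             ignore.d.server ignore.d.paranoid; do
        [ -e "$etc/$d" ] || continue
        can_read "$u" "$groups" "$etc/$d" || echo "$etc/$d"
    done
    for list in "$etc/logcheck.logfiles" "$etc"/logcheck.logfiles.d/*.logfiles; do
        [ -f "$list" ] || continue
        can_read "$u" "$groups" "$list" || { echo "$list"; continue; }
        sed 's/#.*//' "$list" | while read -r log; do   # one log path per line
            [ -n "$log" ] && ! can_read "$u" "$groups" "$log" && echo "$log"
        done
    done
    return 0
}
```

On the host from this page, root would run list_unreadable logcheck "$(id -Gn logcheck)" /usr/local/etc/logcheck; empty output means the logcheck user can open everything the hourly cron job touches.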