CONTENTS


Lastmodified 2024-02-09 (金) 17:52:33


logcheck

【参考URL】https://bellett.moe.hm/index.php/2018/06/26/freebsd-11-install-logcheck/

portupgrade -ar --batch をした後から、一時間に1回程度の割合で以下の様なメールが着信するようになった。

From: Cron Daemon <logcheck@sun1.smb.net>
To: root@sun1.smb.net
Subject: Cron <logcheck@sun1> if [ -x /usr/local/sbin/logcheck ]; then nice -n10 /usr/local/sbin/logcheck; fi

ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

あるいは、

Warning: If you are seeing this message, your log files may not have been
checked!

Details:
Could not run logtail or save output

Check temporary directory: /tmp/logcheck.LHFWZe

Also verify that the logcheck user can read all files referenced in
/usr/local/etc/logcheck/logcheck.logfiles!

declare -x BLOCKSIZE="K"
declare -x HOME="/var/lib/logcheck"
declare -x LANG="C.UTF-8"
declare -x LOGNAME="logcheck"
declare -x MAIL="/var/mail/logcheck"
declare -x MAILTO="root"
declare -x MM_CHARSET="UTF-8"
declare -x OLDPWD
declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
declare -x PWD="/var/lib/logcheck"
declare -x SHELL="/bin/sh"
declare -x SHLVL="1"
declare -x USER="logcheck"

とも

コンソールからコマンドを打つと

# root@sun1:/var/log:21_08_18:9:50 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

と表示される。

ので、

# chown -R root:logcheck /usr/local/etc/logcheck

した。 毎時のpermission エラー は抑制されるが、さらに

# chown root:logcheck /var/log/auth.log
# chmod 640 /var/log/auth.log

/etc/mail/aliases

logcheck:	root
# newaliases

/etc/mail/aliases へ

logcheck:	root

というエイリアスを作成(書き込み)して、次のワンライナーを実行するヨロシ

newaliases && chown -R root:logcheck /usr/local/etc/logcheck && chown root:logcheck /var/log/auth.log && chmod 640 /var/log/auth.log && su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
root@kuji:~:21_08_26:8:36 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied
root@kuji:~:21_08_26:8:37 # chown -R root:logcheck /usr/local/etc/logcheck
root@kuji:~:21_08_26:8:37 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"
root@kuji:~:21_08_26:8:37 # chown root:logcheck /var/log/auth.log
root@kuji:~:21_08_26:8:37 # chmod 640 /var/log/auth.log
root@kuji:~:21_08_26:8:38 # newaliases
root@kuji:~:21_08_26:8:38 # newaliases
root@kuji:~:21_08_26:8:38 # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck"

logcheck install 2024-02-09

# cd /usr/ports/security/logcheck
# make install clean

logcheck_options.PNG

Creating group 'logcheck' with gid '915'.
===> Creating users
Creating user 'logcheck' with uid '915'.
===> Creating homedir(s)
==> Created crontab(5) file for user "logcheck"
Please make sure that all files listed in

  /usr/local/etc/logcheck/logcheck.logfiles.d/syslog.logfiles

are readable to the 'logcheck' group (see also /etc/newsyslog.conf),
or remove them from the aforementioned logcheck configuration file.

For information on how to write local rulesets see

  /usr/local/share/doc/logcheck/README.logcheck-database

Total access 1104:本日 2:昨日 0

Counter: 1104, today: 2, yesterday: 0

添付ファイル: filelogcheck_options.PNG 13件 [詳細]

トップ   編集 凍結 差分 履歴 添付 複製 名前変更 リロード   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2024-02-09 (金) 17:52:33