Installing logcheck (similar to logwatch) on FreeBSD
Log in to each server as root.
- cd /usr/ports/security/logcheck
- make
- make install
- cd /usr/local/etc
- Edit logcheck.sh and change "SYSADMIN=" to the email address that should receive the reports.
- cp -p logcheck.hacking.sample logcheck.hacking
- cp -p logcheck.ignore.sample logcheck.ignore
- cp -p logcheck.violations.sample logcheck.violations
- cp -p logcheck.violations.ignore.sample logcheck.violations.ignore
Then edit the above files to your taste.
- Add the following to cron:
### send log summaries every 15 minutes
*/15 * * * * /usr/local/etc/logcheck.sh
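The configuration steps above (copying the sample files and setting "SYSADMIN="), as an added shell function that is safe to re-run; it is not part of the original document or of the logcheck port. The function name configure_logcheck is hypothetical, and it assumes logcheck.sh contains one line that begins with "SYSADMIN=".

```sh
#!/bin/sh
# Added example (not from the original page): idempotent config step.
# Assumes logcheck.sh holds one line beginning "SYSADMIN=".
# Usage: configure_logcheck /usr/local/etc admin@example.org
configure_logcheck() {
    dir=$1
    email=$2
    [ -f "$dir/logcheck.sh" ] || { echo "no logcheck.sh in $dir" >&2; return 1; }

    # The value is written into a script that cron runs as root, so accept
    # only characters that cannot break out of the assignment or the sed
    # replacement (no spaces, quotes, ';', '/', '&', '$', backticks).
    case $email in
        ''|*[!A-Za-z0-9@._+-]*) echo "refusing address: $email" >&2; return 1 ;;
    esac

    # Copy each sample into place only when no live file exists, so a
    # re-run never overwrites rules that were already tuned by hand.
    for name in hacking ignore violations violations.ignore; do
        src="$dir/logcheck.$name.sample"
        dst="$dir/logcheck.$name"
        if [ -f "$src" ] && [ ! -e "$dst" ]; then
            cp -p "$src" "$dst" || return 1
        fi
    done

    # Rewrite only the SYSADMIN= line. Writing back with cat (not mv)
    # keeps the owner and mode of logcheck.sh unchanged.
    tmp=$(mktemp "${TMPDIR:-/tmp}/logcheck.XXXXXX") || return 1
    rc=0
    sed "s/^SYSADMIN=.*/SYSADMIN=$email/" "$dir/logcheck.sh" > "$tmp" &&
        cat "$tmp" > "$dir/logcheck.sh" || rc=1
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1

    # Succeed only if the script now carries exactly the requested line.
    grep -qxF "SYSADMIN=$email" "$dir/logcheck.sh"
}
```

A non-zero return means the address was rejected or logcheck.sh did not end up with the expected "SYSADMIN=" line, so check the file by hand before enabling the cron entry.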
If you want to set up your system to automatically upgrade logcheck when upgrades become available, create a cron script to run the following on a daily or weekly basis:
/usr/local/sbin/portupgrade -P logcheck
/usr/local/sbin/portupgrade -P portupgrade
IMPORTANT NOTE: This document is based on FreeBSD. The concepts
should be similar across operating systems, but the commands will very likely be different. Also, never
assume the directory structures exist in your system as written in the document. Never blindly follow
security instructions -- read, review, compare, apply as it fits your system.
