PERFORCE change 35398 for review
Robert Watson
rwatson at FreeBSD.org
Sat Aug 2 17:31:21 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=35398
Change 35398 by rwatson at rwatson_paprika on 2003/08/02 10:30:21
Flesh out the security event activities some.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#4 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#4 (text+ko) ====
@@ -2729,9 +2729,9 @@
<para>The daily security event, executed once a day by the
system daily event, checks a variety of system security
properties, and generates a report that may be e-mailed to
- the administrator, or sent to a file. This report is
- intended to make it easier for administrators to track
- security-related changes to the system, such as the
+ the administrator, or sent to a file.
+ This report is intended to make it easier for administrators
+ to track security-related changes to the system, such as the
addition or modification of users, changes to the file
system namespace, events relating to the password
subsystem, high priority log messages, or changes in the
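Review bot: The three changed lines starting at "the administrator, or sent to a file." only re-wrap the paragraph so that "This report is intended" starts on its own line; the wording is unchanged. Consider keeping the re-wrap out of a content change, or saying in the description that it is whitespace only, so that anyone diffing the chapter does not have to compare the old and new lines word by word.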
@@ -2740,12 +2740,36 @@
these reports are often helpful in post-mortem analysis
of compromised systems, as they provide some basic
tripwire functionality, as well as long term tracking of
- system configuration.</para>
+ system configuration.
+ The following activities are performed by the daily
+ security event:</para>
-<!--
-XXX review this text, may not be entirely accurate; might mix up
-parts of daily with security.
--->
+ <itemizedlist>
+ <listitem><para>Report on changes in the set of setuid and
+ setgid binaries in the local file system.</para></listitem>
+ <listitem><para>Report on changes in the set of mounted
+ file systems and file system flags.</para></listitem>
+ <listitem><para>Report on any local users other than the root
+ user with a uid of 0.</para></listitem>
+ <listitem><para>Report on any users without passwords.</para>
+ </listitem>
+ <listitem><para>Report on any logged IPFW packet denials.
+ </para></listitem>
+ <listitem><para>Report on any logged IPFilter packet denials.
+ </para></listitem>
+ <listitem><para>Report on any logged IPFW packet limits.
+ </para></listitem>
+ <listitem><para>Report on any logged IPv6 IPFW packet denials.
+ </para></listitem>
+ <listitem><para>Report on any logged IPv6 IPFW packet limits.
+ </para></listitem>
+ <listitem><para>Report on any changes in the kernel log
+ output.</para></listitem>
+ <listitem><para>Report on any logged login failures.
+ </para></listitem>
+ <listitem><para>Report on any logged TCP wrapper failures.
+ </para></listitem>
+ </itemizedlist>
</sect2>
<sect2 id="secarch-mac">
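Review bot: In the third list item, "any local users other than the root user with a uid of 0" can be read as describing the root user rather than the additional accounts; wording such as "any local accounts other than root that have a uid of 0" states what is actually reported. The IPFilter item also sits between the IPFW denial and IPFW limit items, so grouping the four IPFW items together would read better, and the "users without passwords" item closes </para> and </listitem> on separate lines while the other items do not. Finally, the XXX comment removed in this hunk warned that the text might mix up parts of daily with security; the description only says the activities were fleshed out, so it is worth confirming that every listed item is performed by the security event rather than the daily event before that marker is dropped.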