PERFORCE change 35400 for review

Robert Watson rwatson at FreeBSD.org
Sat Aug 2 17:38:32 GMT 2003 

http://perforce.freebsd.org/chv.cgi?CH=35400

Change 35400 by rwatson at rwatson_paprika on 2003/08/02 10:37:38

	Expand on the distinctions between the various periodic events
	and their relationship.  Also document security-relevant
	activities by the other periodic events (daily, weekly, monthly).

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#5 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#5 (text+ko) ====

@@ -2726,11 +2726,16 @@
     <sect2 id="secarch-security-event">
       <title>Daily Security Event</title>
 
-      <para>The daily security event, executed once a day by the
-	system daily event, checks a variety of system security
-	properties, and generates a report that may be e-mailed to
-	the administrator, or sent to a file.
-	This report is intended to make it easier for administrators
+      <para>FreeBSD executes a series of periodic maintenance events at
+	regular intervals: a daily event, daily security event, weekly
+	event, and monthly event.
+	These events check system configuration and usage activities,
+	and report on the activities to the system administrator by
+	e-mail, or to a file.
+	A number of elements of these events, especially the daily
+	security event, report on changes in security-relevent
+	configuration and activities.
+	These reports are intended to make it easier for administrators
 	to track security-related changes to the system, such as the
 	addition or modification of users, changes to the file
 	system namespace, events relating to the password
@@ -2741,7 +2746,16 @@
 	of compromised systems, as they provide some basic
 	tripwire functionality, as well as long term tracking of
 	system configuration.
-	The following activities are performed by the daily
+	The following security-relevent activities are performed
+	by the daily event:</para>
+
+      <itemizedlist>
+	<listitem><para>Diff the password and group databases against
+	  the previous days backups; back up these databases for
+	  future comparison and restore.</para></listitem>
+      </itemizedlist>
+
+      <para>The following activities are performed by the daily
 	security event:</para>
 
       <itemizedlist>
@@ -2770,6 +2784,15 @@
 	<listitem><para>Report on any logged TCP wrapper failures.
 	  </para></listitem>
       </itemizedlist>
+
+      <para>The following security-relevent activities are performed
+	by the weekly event:</para>
+
+      <itemizedlist>
+	<listitem><para>Report on files with an unknown user or
+	  group (owner not present in password or group database).
+	  </para></listitem>
+      </itemizedlist>
     </sect2>
 
     <sect2 id="secarch-mac">
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list