How’s YOUR server doin’?

If you are using FreeBSD then you must be familiar with daily run output or daily security run output messages. They can be found in the root user’s mailbox by simply typing mail as root. If you’re not familiar with them I highly recommend getting to know them, they contain very useful information about your computer.

Below you can find two examples; reading them, you will understand why you want them:

Daily security run output

From root@myserver.local Mon May 28 03:39:18 2018
Date: Mon, 28 May 2018 03:39:18 -0400 (EDT)
From: Charlie Root <root@myserver.local>
To: root@myserver.local
Subject: myserver.local daily security run output

Checking setuid files and devices:

Checking negative group permissions:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

myserver.local login failures:

myserver.local refused connections:

Checking for packages with security vulnerabilities:
python27-2.7.14_1
curl-7.59.0
samba44-4.4.16

Checking for packages with mismatched checksums:
munin-master-2.0.36: missing file /usr/local/www/munin/.htaccess.sample

— End of security output —

 

Daily run output

From root@myserver.local Sat Jun 2 03:04:05 2018
Date: Sat, 2 Jun 2018 03:04:05 -0400 (EDT)
From: Charlie Root <root@myserver.local>
To: root@myserver.local
Subject: myserver.local daily run output

Removing stale files from /var/preserve:

Cleaning out old system announcements:

Removing stale files from /var/rwho:

Backup passwd and group files:

Verifying group file syntax:
/etc/group is fine

Backing up mail aliases:

Disk status:
Filesystem Size Used Avail Capacity Mounted on
zroot/ROOT/default 402G 14G 388G 3% /
devfs 1.0K 1.0K 0B 100% /dev
zroot/tmp 388G 2.7M 388G 0% /tmp
zroot/usr/home 390G 2.2G 388G 1% /usr/home
zroot/ezjail 389G 792M 388G 0% /usr/jails
zroot/ezjail/basejail 388G 296M 388G 0% /usr/jails/basejail
zroot/ezjail/newjail 388G 4.7M 388G 0% /usr/jails/newjail
zroot/usr/ports 389G 857M 388G 0% /usr/ports
zroot/usr/src 388G 96K 388G 0% /usr/src
zroot/var/audit 388G 96K 388G 0% /var/audit
zroot/var/crash 388G 96K 388G 0% /var/crash
zroot/var/log 388G 4.0M 388G 0% /var/log
zroot/var/mail 388G 248K 388G 0% /var/mail
zroot/var/tmp 388G 4.5M 388G 0% /var/tmp
zroot 388G 96K 388G 0% /zroot
zroot/files 411G 23G 388G 6% /zroot/files
/usr/jails/basejail 388G 296M 388G 0% /usr/jails/sql/basejail
devfs 1.0K 1.0K 0B 100% /usr/jails/sql/dev
fdescfs 1.0K 1.0K 0B 100% /usr/jails/sql/dev/fd
procfs 4.0K 4.0K 0B 100% /usr/jails/sql/proc

Network interface status:
Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll Drop
em0 1500 <Link#1> a4:ba:db:f1:02:cf 7893268 0 0 7622473 0 0 0
em0 – 10.99.18.0/24 myserver.local 8217290 – – 7593853 – – –
lo0 16384 <Link#2> lo0 4234117 0 0 4198697 0 0 0
lo0 – localhost localhost 74526 – – 74526 – – –
lo0 – fe80::%lo0/64 fe80::1%lo0 0 – – 0 – – –
lo0 – your-net localhost 2751886 – – 4124171 – – –
lo3 16384 <Link#3> lo3 5092659 0 0 5057239 0 0 0
lo3 – 172.16.1.3/32 172.16.1.3 5059279 – – 5057239 – – –
lo4 16384 <Link#4> lo4 36152 0 0 732 0 0 0
lo4 – 172.16.1.4/32 172.16.1.4 2087 – – 732 – – –
pflog 33160 <Link#5> pflog0 0 0 0 0 0 0 0

Local system status:
3:01AM up 10 days, 6:06, 2 users, load averages: 1.13, 0.84, 0.71

Mail in local queue:

Mail in submit queue:
/var/spool/clientmqueue is empty
Total requests: 0

Security check:
(output mailed separately)

Checking for rejected mail hosts:

Checking userland and kernel versions:
Userland and kernel are in sync.

Backing up pkgng database:

SMART status:
Checking health of /dev/ada0: OK
Checking health of /dev/ada1: OK

— End of daily output —

The good news is that you don’t have to ssh to a server in order to read them; you can forward these and all other system-related emails to an email address like this:

edit /etc/aliases
root: address@youremailprovider.com

Warning! As you may have figured out, these emails might contain data that is not for the public, or at least not for your email provider.  Before setting up such a thing, check if you or anyone else using the server is fine with these emails.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.