Not Getting Security Reports

S

sporkit

I'm not exactly sure what I changed, but about a year ago I stopped receiving daily security reports. I suspect it might have to do with the fact I started forwarding all email addressed to root, to a personal yahoo account.

If I send a local email to root like [cmd=]mail -s "test email" root[/cmd] the test does appear in my yahoo inbox.

How can I ensure daily security reports are running, and is it possible to forward them to an external location?

Thanks for any help
 
Which FreeBSD version?

That your command line test is working implies that you've set up the root alias correctly. Start by checking /var/log/cron to confirm that "(periodic daily)" is being run.

Have you made any periodic.conf(5) or /etc/crontab changes recently? (Or I guess I should say, "about a year ago"? ;))
 
Hmm, I was unaware that periodic was run off the crontab I thought it was something set in rc.conf. I believe I may have fixed this issue.

I tested the daily run by issuing the following command
Code: 
periodic daily

The email showed up in my inbox. I then set the following crontabs as root.
Code: 
0       0       *       *       *       periodic daily
0       0       *       *       0       periodic weekly
0       0       1       *       *       periodic monthly

It's been a long time since I've installed this system. Do the following rules come pre-installed into crontab by default?

Also this is probably an unrelated issue, but the folder /var was totally full. I wiped out several hundred emails and cleared the spool. I'm hoping everything will resume as normal tomorrow. I'll keep my fingers crossed!
 
From 8-stable's stock /etc/crontab:
Code: 
# Perform daily/weekly/monthly maintenance.
1       3       *       *       *       root    periodic daily
15      4       *       *       6       root    periodic weekly
30      5       1       *       *       root    periodic monthly
 
I eventually got this working but I couldn't tell you exactly which of the following fixed the situation. Here's a list of things somebody experiencing the issue might wish to be aware of.

  • /etc/crontab is the system crontab which triggers the security updates, this is not that same as running crontab -e as root
  • Yahoo mail may have been blocking messages with "security run output" in the title. I edited /etc/aliases and stopped forwarding root mail outbound. Don't forget to run newaliases after updating this file.
  • Check root mail with the following command "mail -u root"
  • Try sending a test message to the root mailbox 'mail -s "test message" root'
  • My sendmail queue was full of old messages. Try clearing it out.
  • Check root mail for error output from cron runs
  • Running crons as a user (not the system) does not specify environmental variables. Try using the full path in your script
  • Try the following for debugging your cron jobs '/bin/echo "Or at least tried..." | /bin/mail -s "Successfully Ran Cron Job" root@domain.com'

Hope this saves somebody time in the future.
 
It's probably not uncommon to have mail issues when using the base sendmail with no configuration. I use mail/ssmtp on my servers that do not handle mail themselves. It uses SMTP auth to send messages, not unlike using an MUA such as Thunderbird. I find this cures pretty much all delivery problems.
 
Old thread, but I just wanted to drop by and leave a note for other people with this problem coming here from Google.

For me it was simply so that Gmail suddenly decided to start marking these emails as Spam. Check that folder...
 
That's annoying. Did you find out why Gmail marked them as spam? Was it the similarity of a number of emails?
 
SirDice: No, Gmail does not explain how the spam decisions were made, as far as I know. But after manually moving all periodic(8) emails from the spam folder to the inbox, Gmail stopped marking new ones as spam.

I guess there could be some keywords in these emails that the spam filters triggered on, like "rootkit" from the the rkhunter addon ¯\_(ツ)_/¯.
 
You must log in or register to reply here.
Back
Top