setup SeSE seccheck tools
# zypper in seccheck
# systemctl enable --now seccheck-daily.timer
# systemctl -t timer
# systemctl list-timers
# systemctl list-timers --all
# systemctl list-timers seccheck-daily.timer
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sat 2020-01-16 00:00:00 CEST 11h left n/a n/a seccheck-daily.timer seccheck-daily.service
1 timers listed.
Pass --all to see loaded but inactive timers, too.
# systemctl -a list-units "seccheck*"
UNIT LOAD ACTIVE SUB DESCRIPTION
seccheck-daily.service loaded inactive dead Daily seccheck run
seccheck-daily.timer loaded active waiting Daily seccheck run
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
2 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.
manual start
# systemctl start seccheck-daily
now check your mails, there should be a message from seccheck
Daily security check v3.0 by Marc Heuse <Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!>
This is an automated mail by the seccheck tool. If you want to disable
this service, set START_SECCHK=no in /etc/sysconfig/seccheck.
DISCLAIMER
Please note that these security checks are neither complete nor reliable.
Any attacker with proper experience and root access to your system can
deceive *any* security check!
Changes in your daily security configuration of suse15-01:
Changes (+: new entries, -: removed entries):
OLD: /var/lib/secchk/security-report-daily 2020-01-15 12:27:33.168119864 +0200
NEW: /var/lib/secchk/security-report-daily.new 2020-01-15 12:34:08.696119581 +0200
- fs.dentry-state = 119488 105900 45 0 4138 0
+ fs.dentry-state = 119374 105786 45 0 4168 0
- fs.inode-nr = 115340 470
- fs.inode-state = 115340 470 0 0 0 0 0