NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

misc/43357: initial security run output is too large

>Number:         43357
>Category:       misc
>Synopsis:       initial security run output is too large
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue May 25 23:05:00 +0000 2010
>Originator:     David A. Holland
>Release:        NetBSD 5.1_RC2
System: NetBSD amberdon 5.1_RC2 NetBSD 5.1_RC2 (GENERIC) #0: Fri May 21 
00:29:51 UTC 2010
Architecture: amd64
Machine: x86_64

The initial security run output after installing a new machine is some
32,000 lines. Nobody will ever page through this, so if bad stuff gets
in on the first day it will never be detected.

About 80% of this is the first diff, against /dev/null, of ~every file
in /etc; most the rest is "Device additions" for every device in /dev.


Install. Actually read root's mail.


sysinst should preload /var/backups; moreover, it should do it with
the original distribution versions of things, so the user's config
changes *are* reflected in the first nightly security mail and so the
distribution versions are available for reference. This would have a
number of additional benefits beyond reducing the mail size.

Home | Main Index | Thread Index | Old Index