On Sun, Dec 12, 2004 at 09:46:23AM +0000, Colin J. Raven wrote:
> Hi all!
> 
> I'm reviewing the "daily insecurity output" from my NetBSD machine 
> (*love* the name, it really says it all!!) and came across these items 
> which are really puzzling.
> 
> 
> Checking root csh paths, umask values:
> /etc/csh.cshrc /etc/csh.login /root/.cshrc /root/.login
> 
> 	Root csh startup files do not set the umask.
> 
> 
> Root has a bash shell, not csh. How can I supress these error messages?

grep -n check_rootdotfiles /etc/security
vi +<grep's return value>

Edit to taste.

> 
> --------------------------------------
> 
> Checking special files and directories.
> 
> etc/postfix/main.cf:
> 	permissions (0444, 0644)
> 
> Right now the perms on main.cf are:
> 
> -rw-r--r--  1 root  wheel  1728 Dec  10 10:10 /etc/postfix/main.cf
> 
> which is 644.....is it telling me that perms *ought* *to* be 444?

Yes.  It wants read only.

> 
> On a production FreeBSD box running postfix (successfully for the past 3 
> years) the perms are precisely the same and the FreeBSD daily security 
> output from *that* box does not complain.
> 
> --------------------------------------
> 
> etc/named.conf:
> 	type (file, link)
> 
> What is it asking or telling me? What, if anything, am I doing wrong?

I got this message when I set up my box to run a cache-only DNS server.
I guess you could copy named.conf instead of symlinking to it to rid
yourself of the message.

<snip>
I don't know about the rest.  Check out /etc/security and
/etc/security.conf.

-- 

Ian P. Thomas

Destiny is not a matter of chance, it is a matter of choice. It is not a thing 
to be waited for, it is a thing to be achieved.

	- William Jennings Bryan