Subject: Re: the daily repeat of the 'daily insecurity output'
To: Petar Bogdanovic <petar@smokva.net>
From: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 09/11/2005 20:45:33
--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Also sprach Petar Bogdanovic (petar@smokva.net)
> Hello, it's me!
>=20
> I was very delighted, when I discovered /etc/daily. Since then, I get=20
> every day interesting output and I'm also able to customize it trough=20
> /etc/daily.local - also a great feature!
>=20
> I'm just not sure about one detail: the daily insecurity output. On my=20
> NetBSD 2.0.2 box it looks like this:
>=20
> *****************************************
> Checking special files and directories.
> etc/dhcpd.conf:
> gid (0, 1000)
> permissions (0644, 0664)
> *****************************************
=20
> The problem is: Why do I get this output every day? I feel, that once,=20
> it should be enought.. but thats just my personal impression.
The test is invoked by /etc/security. It can be configured by=20
/etc/security.conf, where check_mtree=3DYES enables the mtree check.=20
/etc/security is invoked with run_security=3DYES in /etc/daily.conf.
The fingerprint resides in /etc/mtree/special, so you can manipulate
this file to the according permissions of etc/dhcpd.conf.=20
Or you simply disable "check_mtree" or move it to weekly.local.
BTW: I signed /etc/mtree/* with an OpenSSL signature, which is used
to check the integrity of the mtree database.
--=20
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
--=20
Der Geist des Kriegers sollte mit Beginn des Neujahrstages bis zum Ende=20
des Jahres vom Gedanken an seinen Tod beherrscht werden.
Daijouji Shigesuke in "Budo Shoshin Shuu"
--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)
iD8DBQFDJHtNEfTEHrP7rjMRAuKiAJ0RqfIrQE7kMUbjRLmE43j5vY2dUwCeMEOU
CZGR0q74aNyBluzMXsmmbfA=
=6v/T
-----END PGP SIGNATURE-----
--9jxsPFA5p3P2qPhR--