Subject: Re: the daily repeat of the 'daily insecurity output'
To: Petar Bogdanovic <>
From: Stefan 'Kaishakunin' Schumacher <>
List: netbsd-users
Date: 09/11/2005 20:45:33
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Also sprach Petar Bogdanovic (
> Hello, it's me!
> I was very delighted, when I discovered /etc/daily. Since then, I get=20
> every day interesting output and I'm also able to customize it trough=20
> /etc/daily.local - also a great feature!
> I'm just not sure about one detail: the daily insecurity output. On my=20
> NetBSD 2.0.2 box it looks like this:
> *****************************************
> Checking special files and directories.
> etc/dhcpd.conf:
> 	gid (0, 1000)
> 	permissions (0644, 0664)
> *****************************************
> The problem is: Why do I get this output every day? I feel, that once,=20
> it should be enought.. but thats just my personal impression.

The test is invoked by /etc/security. It can be configured by=20
/etc/security.conf, where check_mtree=3DYES enables the mtree check.=20

/etc/security is invoked with run_security=3DYES in /etc/daily.conf.

The fingerprint resides in /etc/mtree/special, so you can manipulate
this file to the according permissions of etc/dhcpd.conf.=20
Or you simply disable "check_mtree" or move it to weekly.local.

BTW: I signed /etc/mtree/* with an OpenSSL signature, which is used
to check the integrity of the mtree database.

PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
Der Geist des Kriegers sollte mit Beginn des Neujahrstages bis zum Ende=20
des Jahres vom Gedanken an seinen Tod beherrscht werden.

Daijouji Shigesuke in "Budo Shoshin Shuu"

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.2 (NetBSD)