Subject: Re: The daily insecurity output
To: Jim Bernard <firstname.lastname@example.org>
From: gabriel rosenkoetter <email@example.com>
Date: 07/24/2001 23:09:55
On Tue, Jul 24, 2001 at 07:43:56AM -0600, Jim Bernard wrote:
> No, you don't need the file---it just provides a way to set make variables
> to override defaults. If you are bothered by the message from the security
> script, just create an empty file.
Uh... not that one inode is particularly likely to cause problems,
and I understand why this file *is* in the default mtree (despite
the fact that pkgsrc is not part of the default install), but the
"right" way to make this complaint go away is not to just create a
file, but rather to remove the mk.conf entry in /etc/mtree/special.
It'd be a good idea to tune that file for your system in general,
having it monitor other files changes to which you'd like to know
Also, mtree provides basically no security if you keep the binary
and database only on the hard drive. It's a good red flag kind of
thing in the daily security run (and should clearly stay), but if
you actually want to be secure, statically link a copy of mtree,
make a copy of your special file, put all of this on a floppy (or
zip disk, if it's all too large for a floppy, which it may well be
depending on your architecture) and run from that once a week or so.
(If this sounds exactly like proper tripwire usage, it should. mtree
fulfills the same function without quite so many extraneous options.)
Obviously, an unmounted (or read only) file system is insufficient
for this, as the entire point is that a remote intruder who gains
uid 0 privileges can't get at the files, so that when you do your
manual security checking any modifications will show up.
~ g r @ eclipsed.net