Subject: Re: symlink complaints in /etc/security
To: Perry E. Metzger <>
From: Curt Sampson <>
List: tech-security
Date: 12/08/2003 09:14:06

On Sun, 7 Dec 2003, Perry E. Metzger wrote:

> Many of us get nightly complaints from /etc/security about lots of
> files we have as symlinks.

Yes, I have this same problem, and find it annoying. I solved it by
simply changing my mtree.conf to say that that file should be a symlink,
but this is not an optimal solution, as it doesn't check what the
symlink is pointing to.

> What do people think of my making check_mtree_follow_symlinks=YES the
> default in security.conf, and changing /etc/localtime in special to
> "file" so that doesn't bitch?

Yes. Slightly better, perhaps, but also slightly more work, would be to
have some way of marking files such as /etc/localtime as "should be a
symlink--do not follow".

> Ideally, /etc/security should be empty every
> night on a quiescent machine (with daily noting "empty security report
> suppressed") so that people don't end up with "report fatigue" --
> ideally you should only see stuff if something is wrong...

I strongly agree with this.

Curt Sampson  <>   +81 90 7737 2974
    Don't you know, in this new Dark Age, we're all light.  --XTC
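
The check discussed in the message above (a path that must be a symlink, is not followed, and whose target is still verified) can be sketched as follows. This is an added example, not code from /etc/security or mtree; the "path target" spec format and the function names are assumptions made for the illustration, and it relies on readlink(1).

```shell
#!/bin/sh
# Added example. Spec format (hypothetical): one "path expected-target"
# pair per line; '#' starts a comment. Paths must not contain spaces.

# check_symlinks SPECFILE
# Prints one line per problem. On a quiescent machine it prints nothing
# and returns 0, so the nightly report stays empty.
check_symlinks() {
    spec=$1
    rc=0
    while read -r path want; do
        case $path in ''|'#'*) continue ;; esac
        if [ ! -L "$path" ]; then
            if [ -e "$path" ]; then
                echo "$path: expected symlink, found other file type"
            else
                echo "$path: missing"
            fi
            rc=1
            continue
        fi
        # readlink reads the link itself; the target is never opened,
        # so a dangling or hostile target cannot influence the check.
        have=$(readlink "$path")
        if [ "$have" != "$want" ]; then
            echo "$path: points to '$have', expected '$want'"
            rc=1
        fi
    done < "$spec"
    return $rc
}

# Constructed demo in a scratch directory: one link that matches its
# spec entry and one that has been retargeted.
demo() {
    d=$(mktemp -d) || return 1
    ln -s /usr/share/zoneinfo/UTC "$d/localtime"
    ln -s /tmp/elsewhere "$d/motd"
    printf '%s\n' "$d/localtime /usr/share/zoneinfo/UTC" \
                  "$d/motd /var/run/motd" > "$d/spec"
    check_symlinks "$d/spec" | sed "s|$d/||"
    rm -rf "$d"
}
```

Running `demo` reports only the retargeted link; the matching one produces no output.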