Subject: Re: symlink complaints in /etc/security
To: Perry E. Metzger <firstname.lastname@example.org>
From: Curt Sampson <email@example.com>
Date: 12/08/2003 09:14:06

On Sun, 7 Dec 2003, Perry E. Metzger wrote:
> Many of us get nightly complaints from /etc/security about lots of
> files we have as symlinks.

Yes, I have this same problem, and find it annoying. I solved it by
simply changing my mtree.conf to say that that file should be a symlink,
but this is not an optimal solution, as it doesn't check what the
symlink is pointing to.

> What do people think of my making check_mtree_follow_symlinks=YES the
> default in security.conf, and changing /etc/localtime in special to
> "file" so that doesn't bitch?

Yes. Slightly better, perhaps, but also slightly more work, would be to
have some way of marking files such as /etc/localtime as "should be a
symlink--do not follow".

> Ideally, /etc/security should be empty every
> night on a quiescent machine (with daily noting "empty security report
> suppressed") so that people don't end up with "report fatigue" --
> ideally you should only see stuff if something is wrong...

I strongly agree with this.

Curt Sampson <firstname.lastname@example.org> +81 90 7737 2974 http://www.NetBSD.org
Don't you know, in this new Dark Age, we're all light. --XTC
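
Added example, not part of the original message and not NetBSD's /etc/security code: a sketch of the "should be a symlink--do not follow" check discussed above. It compares each link's own target against an expected value without following it, and prints nothing when everything matches. The spec file format ("path expected-target" per line) and the names check_symlinks and demo are assumptions made for this illustration.

```shell
#!/bin/sh
# check_symlinks SPECFILE  (hypothetical helper, not part of /etc/security)
# SPECFILE lines: "<path> <expected-target>"; blank lines and '#' comments
# are skipped. Paths must not contain whitespace; targets may.
# Prints one line per deviation and returns 1; silent and 0 when clean.
check_symlinks() {
    bad=0
    while read -r path want; do
        case $path in ''|'#'*) continue ;; esac
        if [ ! -L "$path" ]; then
            # -L inspects the entry itself, so a dangling link still passes
            if [ -e "$path" ]; then
                echo "$path: expected symlink, found another file type"
            else
                echo "$path: missing"
            fi
            bad=1
            continue
        fi
        have=$(readlink "$path")    # the link's own target, not followed
        if [ "$have" != "$want" ]; then
            echo "$path: symlink target is $have, expected $want"
            bad=1
        fi
    done < "$1"
    return $bad
}

# Constructed sample tree in a temporary directory (not real /etc files).
demo() {
    d=$(mktemp -d) || return 2
    ln -s /usr/share/zoneinfo/UTC "$d/localtime"   # matches the spec
    ln -s /tmp/elsewhere "$d/resolv.conf"          # link with wrong target
    echo data > "$d/motd"                          # regular file, not a link
    cat > "$d/spec" <<EOF
# path expected-target
$d/localtime /usr/share/zoneinfo/UTC
$d/resolv.conf /var/run/resolv.conf
$d/motd /var/run/motd
$d/gone /nowhere
EOF
    check_symlinks "$d/spec"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo || :
```

On the sample tree this reports three deviations and stays silent about localtime, which is the "empty report on a quiescent machine" behaviour asked for in the thread.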