Subject: Re: "daily insecurity output" annoyance
To: Perry E. Metzger <>
From: Jon Lindgren <>
List: tech-userlevel
Date: 01/25/2001 10:41:22
On 25 Jan 2001, Perry E. Metzger wrote:


> > Agreed, but we'd also need the capability to see if they've changed.
> That's already in the scripts. Have a look. This is orthogonal.

I'm a dope.  I even said "passwd file" later on in the paragraph.  I
need more coffee, or something (scotch?  no, too early...)

> > I'd agree with the idea that in general, a box as configured within
> > reason should not produce warnings or anomalous results in the daily
> > outputs, especially when it's a stock configuration right out of base.tgz
> > and etc.tgz
> Yup. You want to be able to have /etc/security come out clean on a
> reasonably configured box.


On a perhaps-related note, it may be nice to have the security prepend
items such as "WARNING" or "CHANGE" or such - this way a central
logging/admin box could easily pipe mail into a simple script for
processing, and an admin of lots of boxes doesn't necessarily have to
view tons of email every night - it can be boiled down to changes or

Not that a script couldn't be written to parse the existing output, it 
just wouldn't be as easy.

Just an idea.

 - The opinions expressed are not necesarily those of my employer.
 - latest Health news for 12/4/2000 at 2:10 p.m.:
    Tobacco firm backs lung cancer test: Spaz the cat will never again
    want for medication to relieve his constipation.