Subject: Re: Security question
To: NetBSD SPARC port <port-sparc@netbsd.org>
From: Greywolf <greywolf@starwolf.com>
List: port-sparc
Date: 10/01/2004 10:07:36
'jour, Laurent,

LF: Hi all,
LF:
LF: I'm running a SS5 under NetBSD 1.6.0 ... After a long
LF: time, I'm thinking to improve its security as I'm
LF: adding some new users and I was surprised to see that
LF: ... everything is readable by everyone logged :-(
LF: Even very critical files (IMO) like
LF: /etc/security.conf, /etc/sysctl.conf or
LF: /etc/syslog.conf ...
LF:
LF:
LF: Is there any issue to reduce their right to rw-r-----
LF: or r--r----- ?

I don't see anything that could possibly be in there which would
compromise security by being readable.  If you're thinking
'security through obscurity', well, I suppose you could, but it
seems such a bother.

Personally, I wouldn't worry about it.

If you're concerned about anything at all in syslog.conf, I'd
say it should be over the permissions on the log files themselves
(and don't forget about newsyslog.conf in that case), i.e. you
don't want users to be able to read the file which holds any authorization
messages, and probably any of the mail traffic log messages.

LF: Thanks
LF:
LF: Laurent


				--*greywolf;
--
I'm really a software toolsmith and a musician by trade, but nobody really
needs a software toolsmith much, and the music industry is so cutthroat
that it would probably do me in.  So I do systems administration on the
side as a hobby.  Funny that my hobby finds more work than either of my
professions...
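
Added example, not part of the original message: a shell sketch of the check the reply points to, listing the log files that syslog.conf sends auth, authpriv or mail messages to and reporting any that are world-readable on disk or that newsyslog.conf would recreate with a world-readable mode. The function names, the sample config lines and the temporary directory are constructed for illustration; on a live system audit would be called with /etc/syslog.conf, /etc/newsyslog.conf and an empty prefix.

```shell
#!/bin/sh
# Constructed example: the sample configs in run_demo are not from the thread.

# Log files fed by auth/authpriv/mail selectors ("*" selectors not considered).
sensitive_targets() {   # $1 = syslog.conf
    awk '$1 ~ /^#/ || NF < 2 { next }
    {   n = split($1, sel, ";"); hit = 0
        for (i = 1; i <= n; i++)
            if (sel[i] ~ /(^|,)(auth|authpriv|mail)[.,]/ && sel[i] !~ /\.none$/) hit = 1
        t = $NF; sub(/^-/, "", t)          # "-" prefix only disables fsync
        if (hit && t ~ /^\//) print t
    }' "$1" | sort -u
}

# Mode newsyslog.conf applies on rotation; the owner:group field is optional.
rotation_mode() {       # $1 = newsyslog.conf, $2 = log file
    awk -v f="$2" '$1 == f { print ($2 ~ /^[0-7]+$/ ? $2 : $3); exit }' "$1"
}

audit() {   # $1 = syslog.conf, $2 = newsyslog.conf, $3 = root prefix ("" if live)
    sensitive_targets "$1" | while read -r log; do
        # -perm -004 matches when the "other" read bit is set on disk
        if [ -n "$(find "$3$log" -perm -004 2>/dev/null)" ]; then
            echo "WORLD-READABLE $log"
        fi
        mode=$(rotation_mode "$2" "$log")
        case $mode in
            *[4567]) echo "ROTATES-WORLD-READABLE $log ($mode)" ;;
        esac
    done
}

run_demo() {            # builds a constructed tree under a temp dir
    d=$(mktemp -d) && mkdir -p "$d/var/log"
    cat > "$d/syslog.conf" <<'EOF'
*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none  /var/log/messages
auth,authpriv.info                                /var/log/authlog
mail.info                                         /var/log/maillog
EOF
    cat > "$d/newsyslog.conf" <<'EOF'
/var/log/authlog  root:wheel  600  5  35  *   Z
/var/log/maillog              644  7  *   24  Z
EOF
    for f in messages authlog maillog; do : > "$d/var/log/$f"; done
    chmod 600 "$d/var/log/authlog"; chmod 644 "$d/var/log/messages" "$d/var/log/maillog"
    audit "$d/syslog.conf" "$d/newsyslog.conf" "$d"
    rm -rf "$d"
}
run_demo
```
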