Subject: symlink complaints in /etc/security
To: None <tech-security@netbsd.org>
From: Perry E. Metzger <perry@piermont.com>
List: tech-security
Date: 12/07/2003 19:08:22
Many of us get nightly complaints from /etc/security about lots of
files we have as symlinks. For example, I get this on many hosts:

etc/namedb: 
        type (dir, link)
etc/named.conf: 
        type (file, link)

Getting the same complaint over and over again every night, of course,
doesn't serve any purpose -- it leads to "complaint fatigue" and you
simply start ignoring the security output.

We have a variable in security.conf called
"check_mtree_follow_symlinks" that can be set to "YES". If it is set
to "YES", the -L option is fed to mtree. This shuts up mtree about the
existing problem, but leads to complaints about /etc/localtime not
being a symlink, viz.:

etc/localtime: 
        type (link, file)

What do people think of my making check_mtree_follow_symlinks=YES the
default in security.conf, and changing /etc/localtime in special to
"file" so that doesn't bitch?

That will eliminate (for most people) nightly bitching about all the
symlinks they have for files like /etc/named.conf.

The minus is that you won't notice if you don't use any symlinks and
someone goes in and adds one you don't want to be added.

Any thoughts about this? Ideally, /etc/security should be empty every
night on a quiescent machine (with daily noting "empty security report
suppressed") so that people don't end up with "report fatigue" --
ideally you should only see stuff if something is wrong...

-- 
Perry E. Metzger		perry@piermont.com
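One way to get the empty nightly report Perry asks for without paying the "minus" of a global -L, as an added example (not code from the post or from NetBSD's /etc/security): post-filter mtree's type mismatches against a list of symlinks you already know about, so an unexpected link or a link that has become a plain file is still reported. The accepted-link list and the sample report below are constructed; the master.passwd entry is a hypothetical case showing what the -L approach would hide.

```shell
#!/bin/sh
# Added example, not part of the original post or of NetBSD's /etc/security.
# Post-filter mtree's type-mismatch report: suppress symlinks we already
# know about, but still report any new mismatch (e.g. a symlink planted
# where the spec expects a plain file). Alternative to passing -L globally.

# Paths, as mtree prints them relative to the spec root, whose symlink
# status is known and accepted. Constructed sample list.
EXPECTED_LINKS="etc/namedb etc/named.conf"

# Constructed sample of one night's report, in the shape quoted in the post:
# a "path:" line followed by an indented "type (spec, actual)" line.
SAMPLE_REPORT='etc/namedb: 
        type (dir, link)
etc/named.conf: 
        type (file, link)
etc/localtime: 
        type (link, file)
etc/master.passwd: 
        type (file, link)'

# Read an mtree report on stdin; print "path: type (spec, actual)" for every
# mismatch whose path is not in EXPECTED_LINKS. Exit 1 if any were printed,
# so a caller (or /etc/security itself) can tell "quiet" from "look at this".
filter_mtree_report() {
    awk -v expected="$EXPECTED_LINKS" '
    BEGIN {
        n = split(expected, list)          # whitespace-separated list
        for (i = 1; i <= n; i++) ok[list[i]] = 1
    }
    /^[^ \t].*:[ \t]*$/ {                  # "etc/namedb: " -> current path
        path = $0; sub(/:[ \t]*$/, "", path); next
    }
    /^[ \t]+type \(/ {                     # indented mismatch line
        line = $0; sub(/^[ \t]+/, "", line)
        if (!(path in ok)) { print path ": " line; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# Run the filter over the constructed sample: the two accepted symlinks are
# dropped; localtime (not a link) and master.passwd (unexpected link) remain.
report_unexpected() {
    printf '%s\n' "$SAMPLE_REPORT" | filter_mtree_report
}

# Stand-alone usage: ./filter.sh --demo prints the filtered report and
# exits 1 because two unexpected mismatches remain.
if [ "${1:-}" = "--demo" ]; then
    report_unexpected
fi
```

Hooking this into the nightly run means feeding mtree's real output through filter_mtree_report instead of mailing it verbatim; the accepted list is then the only thing you maintain per host.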