Subject: Re: the daily repeat of the 'daily insecurity output'
To: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
From: Petar Bogdanovic <netbsd.2005@smokva.net>
List: netbsd-users
Date: 09/12/2005 14:20:03
Great, thanx! :)

Stefan 'Kaishakunin' Schumacher wrote:
> Also sprach Petar Bogdanovic (petar@smokva.net)
> 
>>Hello, it's me!
>>
>>I was very delighted, when I discovered /etc/daily. Since then, I get 
>>every day interesting output and I'm also able to customize it trough 
>>/etc/daily.local - also a great feature!
>>
>>I'm just not sure about one detail: the daily insecurity output. On my 
>>NetBSD 2.0.2 box it looks like this:
>>
>>*****************************************
>>Checking special files and directories.
>>etc/dhcpd.conf:
>>	gid (0, 1000)
>>	permissions (0644, 0664)
>>*****************************************
> 
>  
> 
>>The problem is: Why do I get this output every day? I feel, that once, 
>>it should be enought.. but thats just my personal impression.
> 
> 
> The test is invoked by /etc/security. It can be configured by 
> /etc/security.conf, where check_mtree=YES enables the mtree check. 
> 
> /etc/security is invoked with run_security=YES in /etc/daily.conf.
> 
> 
> 
> The fingerprint resides in /etc/mtree/special, so you can manipulate
> this file to the according permissions of etc/dhcpd.conf. 
> Or you simply disable "check_mtree" or move it to weekly.local.
> 
> BTW: I signed /etc/mtree/* with an OpenSSL signature, which is used
> to check the integrity of the mtree database.
>