Subject: Re: the daily repeat of the 'daily insecurity output'
To: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
From: Petar Bogdanovic <netbsd.2005@smokva.net>
List: netbsd-users
Date: 09/12/2005 14:20:03
Great, thanx! :)
Stefan 'Kaishakunin' Schumacher wrote:
> Also sprach Petar Bogdanovic (petar@smokva.net)
>
>>Hello, it's me!
>>
>>I was very delighted, when I discovered /etc/daily. Since then, I get
>>every day interesting output and I'm also able to customize it trough
>>/etc/daily.local - also a great feature!
>>
>>I'm just not sure about one detail: the daily insecurity output. On my
>>NetBSD 2.0.2 box it looks like this:
>>
>>*****************************************
>>Checking special files and directories.
>>etc/dhcpd.conf:
>> gid (0, 1000)
>> permissions (0644, 0664)
>>*****************************************
>
>
>
>>The problem is: Why do I get this output every day? I feel, that once,
>>it should be enought.. but thats just my personal impression.
>
>
> The test is invoked by /etc/security. It can be configured by
> /etc/security.conf, where check_mtree=YES enables the mtree check.
>
> /etc/security is invoked with run_security=YES in /etc/daily.conf.
>
>
>
> The fingerprint resides in /etc/mtree/special, so you can manipulate
> this file to the according permissions of etc/dhcpd.conf.
> Or you simply disable "check_mtree" or move it to weekly.local.
>
> BTW: I signed /etc/mtree/* with an OpenSSL signature, which is used
> to check the integrity of the mtree database.
>