Hi

I have been using your guide and first thing to say: It is very good!
But I also have some ideas for improvement and questions.

Daniel Schröter

-Suidfiles
The script works very well, but the output may be a little confusing.
Why not put this (from the gentoo-mailinglist) into the guide to avoid confusion or even change the script to not show directories?
**begin quote
On Wed, 2002-10-02 at 02:51, isaac gouy wrote:
> After 1.4.1_rc1 rebuild
> using this from the Gentoo Linux Security Guide shows
> 199 SUID/SGID files
>
> /usr/bin/find / -type f \( -perm -004000 -o -perm
> -002000 \) -exec ls -lg {} \; 2>/dev/null
> >suidfiles.txt
>
> Most of the files are in /var/cache/edb/dep/
> Can they be deleted?
No .. if you look closely it's not files but directories .. and
directories with the suid bit only means that it inherits the
permissions.
**end quote

-/etc/login.defs
According to the guide I should set LOG_OK_LOGINS to yes. This gives me an error message:
"configuration error - unknown item 'LOG_OK_LOGINS' ..."
and I can't find this option in man login.defs... Did this option just exist in older versions or have I made some mistake??

-/etc/init/procparam
In newer Gentoo releases /proc and everything inside has no write permission (555) -> update the script
(I know this looks nasty! I hope there is a better solution)
/bin/chmod 755 /proc
/bin/chmod 755 /proc/sys
/bin/chmod 755 /proc/sys/net -R
...
/bin/chmod 555 /proc/sys/net -R
/bin/chmod 555 /proc/sys
/bin/chmod 555 /proc

-Possible spelling-mistake
9.FAQ
Answars and questions -> Answers and...

--
gentoo-dev@g.o mailing list
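
Added example (not part of the original message or of the Gentoo Linux Security Guide): shell functions for the suggestion above to keep directories out of the SUID/SGID listing, reporting flagged regular files and flagged directories in separate sections. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SUID/SGID regular files and directories separately,
# so that flagged directories are not mistaken for SUID binaries.
# Function names are hypothetical; they are not from the guide.

# Regular files with the SUID (4000) or SGID (2000) bit set.
# -xdev keeps find on the filesystem it started on.
suid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Directories carrying either bit, listed on their own.
suid_dirs() {
    find "$1" -xdev -type d \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Two-part report; ls -ld prints the entry itself, never a directory's contents.
audit_report() {
    echo "== SUID/SGID files under $1 =="
    suid_files "$1" | while IFS= read -r f; do ls -ld "$f"; done
    echo "== SUID/SGID directories under $1 =="
    suid_dirs "$1" | while IFS= read -r d; do ls -ld "$d"; done
}

# Constructed sample tree: one SUID file, one flagged directory, one plain file.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    chmod u-s,g-s "$t"          # drop any bit inherited from the parent directory
    mkdir "$t/cache"
    touch "$t/helper" "$t/plain"
    chmod 4755 "$t/helper"
    chmod 6755 "$t/cache"
    chmod 644 "$t/plain"
    echo "$t"
}

# Usage: sh suidaudit.sh /   (writes the report to stdout)
if [ "$#" -gt 0 ]; then
    audit_report "$1"
fi
```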