Gentoo Archives: gentoo-dev

From: Daniel Schroeter <iaschroe@×××××××.ch>
To: gentoo-dev@g.o
Subject: [gentoo-dev] Gentoo Linux Security Guide
Date: Wed, 13 Nov 2002 18:36:27
Message-Id: 20021113193535.2661057a.iaschroe@hta.fhz.ch
Hi

I have been using your guide and first thing to say: It is very good!
But I also have some ideas for improvement and questions.

Daniel Schröter

-Suidfiles
The script works very well, but the output may confuse a little bit.
Why not put this (from the gentoo mailing list) into the guide to avoid confusion, or even change the script to not show directories?
**begin quote
On Wed, 2002-10-02 at 02:51, isaac gouy wrote:
> After 1.4.1_rc1 rebuild
> using this from the Gentoo Linux Security Guide shows
> 199 SUID/SGID files
>
> /usr/bin/find / -type f \( -perm -004000 -o -perm
> -002000 \) -exec ls -lg {} \; 2>/dev/null
> >suidfiles.txt
>
> Most of the files are in /var/cache/edb/dep/
> Can they be deleted?
No .. if you look closely it's not files but directories .. and
directories with the suid bit only means that it inherits the
permissions.
**end quote

-/etc/login.defs
According to the guide I should set LOG_OK_LOGINS to yes. This gives me an error message:
"configuration error - unknown item 'LOG_OK_LOGINS' ...
and I can't find this option in man login.defs... Did this option just exist in older versions or have I made some mistake??


-/etc/init/procparam
In newer Gentoo releases /proc and everything inside has no write permission (555) -> update the script
(I know this looks nasty! I hope there is a better solution)
/bin/chmod 755 /proc
/bin/chmod 755 /proc/sys
/bin/chmod 755 /proc/sys/net -R
...
/bin/chmod 555 /proc/sys/net -R
/bin/chmod 555 /proc/sys
/bin/chmod 555 /proc


-Possible spelling mistake
9.FAQ
Answars and questions -> Answers and...

--
gentoo-dev@g.o mailing list
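
An added example, not part of the original message or of the Gentoo Linux Security Guide: one way to make the listing discussed under "Suidfiles" unambiguous is to label every SUID/SGID entry as a regular file or a directory and report the two separately. It assumes GNU find (for -printf); the function names and the --report option are hypothetical.

```shell
#!/bin/sh
# Added example, not the guide's script. Requires GNU find (-printf).

# suid_entries ROOT
# One line per SUID/SGID regular file or directory:
#   "<f|d> <octal mode> <path>"
suid_entries() {
    # -xdev keeps find on ROOT's filesystem, so /proc and other mounts
    # are skipped. Unreadable subtrees are ignored rather than fatal.
    find "${1:-/}" -xdev \( -type f -o -type d \) \
        \( -perm -4000 -o -perm -2000 \) \
        -printf '%y %m %p\n' 2>/dev/null || :
}

# suid_files ROOT
# Regular files only: these execute with the owner's or group's
# privileges and are the entries worth reviewing one by one.
suid_files() {
    suid_entries "$1" | sed -n 's/^f \([0-7]*\) /\1 /p'
}

# sgid_dirs ROOT
# Directories only: on a directory the setgid bit makes new entries
# inherit the directory's group; nothing runs with extra privileges.
sgid_dirs() {
    suid_entries "$1" | sed -n 's/^d \([0-7]*\) /\1 /p'
}

# Hypothetical entry point: "script --report [ROOT]" writes the file
# list to suidfiles.txt (the name used in the quoted command) and
# prints a summary that counts directories separately.
if [ "${1:-}" = "--report" ]; then
    suid_files "${2:-/}" > suidfiles.txt
    echo "$(wc -l < suidfiles.txt) SUID/SGID files," \
         "$(sgid_dirs "${2:-/}" | wc -l) flagged directories"
fi
```

Comparing a freshly generated suidfiles.txt against a stored copy with diff then shows only real changes to privileged programs, without directory entries inflating the count.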