On Tue, Aug 20, 2002 at 03:09:50PM -0700, Johannes Graumann wrote:
> # Checking accounts from /etc/passwd.
> --WARN-- [acc001w] Login ID nobody is disabled, but still has a valid
> shell (/bin/sh).
Debian specific. You could probably change the shell to /bin/false
> --WARN-- [acc006w] Login ID mail's home directory (/var/mail) has group
> `mail' write access.
This is normal in any Debian setup and you should leave it as is.
> --WARN-- [acc006w] Login ID nobody's home directory (/home) has group
> `staff' write access.
This is also normal in Debian setups. However, you can change it if you do
not feel it's appropiate.
For some explanation regarding Tiger's issues see: tigexp.
>
> I'm new to the business of system administration and not quite shure on
> how to react to this. A 'chmod'-variety for the first and last? Also: what
> is this 'nobody' user? Program/demon specific? Can I, should I get rid of
> it?
As for
>
> Tiger also complained that
> /sbin/bastille-firewall-reset
> /sbin/bastille-firewall-schedule
> /sbin/bastille-ipchains
> /sbin/bastille-netfilter
> are not supposed to be present - but after 'bastille' setup they are
> supposed to be here. How do I teach this to tiger? I suppose it is doable
> with those 'templates'? Have found no documentation on what that is/how
> itworks/how to set it up and would greatly appreciate any hint concerning
> this.
Templates are easy to do, just copy any report from a module (available
under /var/log/tiger) into /etc/tiger (or /var/log/tiger but it's
deprecated) changing the .out prefix to .template. Remove all the lines
that you *want* to be reported about. The lines that are kept in the
template will *never* be reported.
AFAIK This is documented in tiger(8) (but maybe it's only in the 3.0
version in unstable). Also, keep in mind that the default behavior of
Tiger will be to *only* email you the changes after a given module has
been run (like if the previous run was the template for the next). This
makes it easier to detect changes.
Hope you like it!
Javi
