David Relson wrote:
>
> The complications go far beyond this!
>
> Script /etc/sysconfig/msec defines security level and umasks. Mine
> looks like:
>
> UMASK_ROOT=022
> SECURE_LEVEL=3
> UMASK_USER=022
> TMOUT=0
>
> Every day at 04:02, as part of /etc/cron.daily, script
> /usr/share/msec/security.sh is run. Using UMASK_ROOT, in
> /var/log/security the script creates the *.today files
> (unowned_group.today, unowned_user.today, writeable.today, etc). These
> files are created with 0644 permissions (-rw-r--r--).
>
> Then at 05:01, as part of /etc/cron.hourly, script /usr/sbin/msec is run
> and complains:
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> May 22 05:02:18 osage msec: changed mode of
> /var/log/security/open_port.today from 644 to 640
> May 22 05:02:18 osage msec: changed mode of
> /var/log/security/suid_root.today from 644 to 640
> May 22 05:02:18 osage msec: changed mode of
> /var/log/security/suid_group.today from 644 to 640
> May 22 05:02:18 osage msec: changed mode of
> /var/log/security/unowned_group.today from 644 to 640
> May 22 05:02:18 osage msec: changed mode of
> /var/log/security/writeable.today from 644 to 640
>
> The expected value of 640 varies according to security level, with level
> 1 having 644, levels 2 and 3 using 640, and levels 4 and 5 using 600.
> Here're two sets of patches for creating proper permissions for these
> files. The first method generates the ROOT_UMASK statement from values
> stored in an array and the second method generates the ROOT_UMASK
> statement using nested if statements.
>
> Please fix msec!!! I don't care if you use one of these patches, or an
> alternative method, but please DO fix msec.
>
David,

Now this is a bit strange. I have the same values set in my "/etc/sysconfig/msec" file as you have in your file, and I am running the same cron jobs as you. So far, so good, but the files created in "/var/log/security" are all being created with 640 perms on my system. As a matter of fact, with a UMASK of 022, you would expect 640 perms on these files. Now, what gives, and why are your files created with 644 perms? It sounds as though your system is a hybrid mixture of both level 1 and level 3.

I guess we should wonder what others are finding on their system. I would hope they do so before blindly installing your script.

drjung

--
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html

Character is built upon the debris of despair --Emerson
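
The relationship between umask, msec security level and the mode of a newly created report file can be checked outside msec. The shell sketch below is an added example, not code from msec or from either poster: it creates a probe file under a given umask and compares the resulting mode with the per-level values quoted in the thread (644 for level 1, 640 for levels 2 and 3, 600 for levels 4 and 5). The function names and the 022/027/077 umask choices are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not msec code). Function names are hypothetical.

# Mode msec expects on /var/log/security/*.today, per the thread.
expected_mode() {
    case "$1" in
        1)   echo 644 ;;
        2|3) echo 640 ;;
        4|5) echo 600 ;;
        *)   echo "unknown level: $1" >&2; return 1 ;;
    esac
}

# Conventional umask producing that mode (assumption, not read from msec).
umask_for_level() {
    case "$1" in
        1)   echo 022 ;;
        2|3) echo 027 ;;
        4|5) echo 077 ;;
        *)   echo "unknown level: $1" >&2; return 1 ;;
    esac
}

# Create a file by shell redirection under the given umask; print its mode.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe.today" ) || { rm -rf "$dir"; return 1; }
    # GNU stat first, BSD stat as fallback.
    stat -c '%a' "$dir/probe.today" 2>/dev/null || stat -f '%Lp' "$dir/probe.today"
    rm -rf "$dir"
}

# Compare what a umask produces with what the level expects.
check_level() {
    want=$(expected_mode "$1") || return 2
    got=$(mode_under_umask "$2") || return 2
    if [ "$got" = "$want" ]; then
        echo "level $1, umask $2: mode $got matches"
    else
        echo "level $1, umask $2: mode $got, msec expects $want"
        return 1
    fi
}

# SECURE_LEVEL=3 with UMASK_ROOT=022 as in the quoted config, then a tighter umask.
check_level 3 022 || true
check_level 3 "$(umask_for_level 3)"
```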
