On Thu, 13 Jun 2002, levo wrote: > Hello List ! > > I have the logsentry package installed on myMandrake 8.2 linux macine > > Today I saw some unuasalmessage in log file. > > Ican not assess the severity of this message please help me to understand, > perhaps it came from lisa daemon ? > > I have 2 local windows partitions mounted , but no remote windows partition > was mounted on this station > > Security Violations > =-=-=-=-=-=-=-=-=-= > Jun 12 04:02:01 lab2nmbd[1849]: Got SIGHUP dumping debug info
Not sure exactly. Maybe because somebody issued: /etc/init.d/smb reload > > > Some days ago I saw the next messages but do not treat them seriously, perhaps > I was wrong : > > Jun 10 01:01:11 lab2 msec: changed mode of /var/log/secure.offset from 600 to > 640 > Jun 10 01:01:11 lab2 msec: changed mode of /var/log/messages.offset from 600 > to 640 > > > Security Violations > =-=-=-=-=-=-=-=-=-= > Jun2 05:01:02 llab2 msec: changed mode of /var/log/uucp/Debug from 600 to > 640 > msec is Mandrake SECurity. It is basically a set of scripts to automate some tidious security-related tasks (e.g: mainain permitions and ownerships on certain files and directories, monitor SUID files, monitor world- and grou-writable files etc.). IIRC it has a weekly (daily?) script that goes over permissions and ownerships of certain files and directories and sets them according to some list. IIRC the permissions file is /etc/seciruty/msec/perms.4 (if your "security level" is '4') -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
