security check by msec


aioshin

Security Warning: World Writable files found :
  - /tmp/.ICE-unix
  - /tmp/.X11-unix
  - /tmp/.X11-unix/X0
  - /tmp/.font-unix
  - /tmp/.font-unix/fs-1
  - /var/apache-mm
  - /var/run/xdmctl/dmctl-:0/socket
  - /var/run/xdmctl/dmctl/socket
  - /var/spool/hylafax/dev/null
  - /var/spool/postfix/dev/log
  - /var/spool/postfix/private/anvil
  - /var/spool/postfix/private/bounce
  - /var/spool/postfix/private/cyrus
  - /var/spool/postfix/private/cyrus-chroot
  - /var/spool/postfix/private/cyrus-deliver
  - /var/spool/postfix/private/cyrus-inet
  - /var/spool/postfix/private/defer
  - /var/spool/postfix/private/error
  - /var/spool/postfix/private/lmtp
  - /var/spool/postfix/private/lmtp-filter
  - /var/spool/postfix/private/local
  - /var/spool/postfix/private/maildrop
  - /var/spool/postfix/private/proxymap
  - /var/spool/postfix/private/relay
  - /var/spool/postfix/private/rewrite
  - /var/spool/postfix/private/smtp
  - /var/spool/postfix/private/smtp-filter
  - /var/spool/postfix/private/tlsmgr
  - /var/spool/postfix/private/trace
  - /var/spool/postfix/private/uucp
  - /var/spool/postfix/private/verify
  - /var/spool/postfix/private/virtual
  - /var/spool/postfix/public/cleanup
  - /var/spool/postfix/public/flush
  - /var/spool/postfix/public/pickup
  - /var/spool/postfix/public/qmgr
  - /var/spool/postfix/public/showq
  - /var/spool/samba

 

Got this security warning from msec, just don't know how come they became world writable.... #chmod o-wr them anyway... but should those files be world writable?


I believe that's from anacron and I believe that's correct - Also thanks for bringing it up - I forgot to install anacron when I put up 2005A. :cheesy:

Kristi

 

EDIT - how did you chmod them as a group? Or did you do it singly? TIA

Edited by kristi1

Those files are owned by user/group postfix, so #chmod o-wr -R .../private. I just removed the RW capability of others on that dir and all files in it... thus leaving it RW for user/group postfix.

Anyway, what do you mean by "I believe that's correct", Kristi? You mean those files should be world writable?


To be more correct, I should have said I believe I get that too. I will take your action when I get such a list to see what happens, but right now msec/anacron does not appear to be doing anything on my system - either that or I have a perfect system :cheesy::cheesy::cheesy::cheesy:

Thanks for your reply.

Kristi

 

EDIT - yeah finally cajoled them out

 World Writable files found :
                - /home/kristi/.kde/share/apps/kicker/Kfind.desktop
                - /home/kristi/.kde/share/apps/kicker/klamav.desktop
                - /nwng/nwclient129.tar.gz
                - /nwng/nwn/linuxclientupdate1xxto165eng.tar.gz
                - /nwng/nwn/nwclient129.tar.gz
                - /nwng/nwresources129.tar.gz
                - /sys/module/tuner/parameters/pal
                - /tmp/.ICE-unix
                - /tmp/.X11-unix
                - /tmp/.X11-unix/X0
                - /tmp/.font-unix
                - /tmp/.font-unix/fs-1
                - /var/lib/texmf
                - /var/lib/texmf/ls-R
                - /var/run/dbus/system_dbus_socket
                - /var/run/sdp
                - /var/run/xdmctl/dmctl-:0/socket
                - /var/run/xdmctl/dmctl/socket
                - /var/spool/postfix/dev/log
                - /var/spool/postfix/private/anvil
                - /var/spool/postfix/private/bounce
                - /var/spool/postfix/private/cyrus
                - /var/spool/postfix/private/cyrus-chroot
                - /var/spool/postfix/private/cyrus-deliver
                - /var/spool/postfix/private/cyrus-inet
                - /var/spool/postfix/private/defer
                - /var/spool/postfix/private/error
                - /var/spool/postfix/private/lmtp
                - /var/spool/postfix/private/lmtp-filter
                - /var/spool/postfix/private/local
                - /var/spool/postfix/private/maildrop
                - /var/spool/postfix/private/proxymap
                - /var/spool/postfix/private/relay
                - /var/spool/postfix/private/rewrite
                - /var/spool/postfix/private/smtp
                - /var/spool/postfix/private/smtp-filter
                - /var/spool/postfix/private/tlsmgr
                - /var/spool/postfix/private/trace
                - /var/spool/postfix/private/uucp
                - /var/spool/postfix/private/verify
                - /var/spool/postfix/private/virtual
                - /var/spool/postfix/public/cleanup
                - /var/spool/postfix/public/flush
                - /var/spool/postfix/public/pickup
                - /var/spool/postfix/public/qmgr
                - /var/spool/postfix/public/showq
                - /var/spool/spamassassin
                - /var/spool/spamassassin/auto-whitelist
                - /var/spool/spamassassin/auto-whitelist.db
                - /work
                - /work/bittorrent

And I am suspecting that they are that way to allow root, mail, and user to access them, without knowing who the user will be at install time. They are owned by root, so I suspect a new group which includes root and user and mail (like staff, which I don't think I have added yet) would then allow them to be non wr. By the way, I ran your chmod and it didn't seem to make any difference in the permissions per konqueror.

[root@c-65-96-162-92 ~]# cd /var/spool/postfix chmod o-wr -R .../private
[root@c-65-96-162-92 postfix]#

I've got to go out but I'll look in later. I am not getting reply to post notices, are you?

Kristi

later.

Edited by kristi1

#chmod o-wr -R .../private

Sorry for this, Kristi, it should be

[root@c-65-96-162-92 ~]#chmod o-wr -R /var/spool/postfix/private

without / at the end, so rw on all files in it will be removed.... but....., though I did that yesterday and successfully altered the file permissions, just a while ago, when I checked those files, all of the files are now world writable again. It might be that the default permission of those files is 777 and when the system rebooted, it just reset back to its default, but why did msec alert me with a security warning? Doesn't msec know how to recognize the default permissions of the system, or do I just not know what I'm doing? :wall:

Edited by aioshin

  • 5 months later...
Guest haans_gruber

Add the following to /etc/security/msec/security.conf and it will suppress the world-writable warnings [Mandriva 2005LE security setting = higher].

 

EXCLUDE_REGEXP='^/tmp/\..*-unix' 
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/apache-mm' 
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/run/dbus/system_dbus_socket' 
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/spool/postfix' 
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/spool/samba'
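
An added example, not part of any post in this thread and not msec's own code: a shell script that reads lines in the report format shown above, marks which ones the EXCLUDE_REGEXP from this post would hide, and classifies each path by type, so a regular file or non-sticky directory is not silenced along with the sockets and sticky directories. It assumes the pattern is matched as a grep basic regular expression; `classify`, `triage` and the optional ROOT prefix are hypothetical names.

```shell
#!/bin/sh
# Added example (not msec code): triage an msec "World Writable files found" list.
# Exclusion pattern built exactly as in the post above.
EXCLUDE_REGEXP='^/tmp/\..*-unix'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/apache-mm'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/run/dbus/system_dbus_socket'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/spool/postfix'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/spool/samba'

# classify PATH -> one word naming the kind of world-writable object.
classify() {
    p=$1
    [ -e "$p" ] || { echo missing; return; }
    # find prints the path only if the "other write" bit is set (symlinks skipped).
    [ -n "$(find "$p" -prune ! -type l -perm -0002 -print)" ] || { echo not-ww; return; }
    if   [ -d "$p" ] && [ -k "$p" ]; then echo sticky-dir  # /tmp style: users cannot remove others' entries
    elif [ -d "$p" ]; then echo open-dir                    # anyone can rename or delete entries: review
    elif [ -S "$p" ]; then echo socket                      # reachability also depends on parent dir modes
    elif [ -p "$p" ]; then echo fifo
    elif [ -c "$p" ] || [ -b "$p" ]; then echo device
    else echo file                                          # regular file anyone can modify: review
    fi
}

# triage [ROOT] < report : prints "<excluded|reported> <class> <path>" per entry.
# Assumption: msec applies EXCLUDE_REGEXP as a grep basic regular expression.
# ROOT (hypothetical) prefixes each path, e.g. to inspect a mounted copy.
triage() {
    root=${1:-}
    sed -n 's/^[[:space:]]*-[[:space:]]*//p' | while IFS= read -r path; do
        if printf '%s\n' "$path" | grep -q -e "$EXCLUDE_REGEXP"; then state=excluded
        else state=reported; fi
        printf '%s %s %s\n' "$state" "$(classify "$root$path")" "$path"
    done
}

# Constructed sample in msec's report format, using paths quoted in the thread.
triage <<'EOF'
  - /tmp/.X11-unix
  - /var/spool/postfix/private/smtp
  - /work/bittorrent
EOF
```

On a live system, call `triage` with no argument and feed it the report; lines that come back as `excluded file` or `excluded open-dir` are findings the blanket `^/var/spool/postfix` style patterns would silence.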
