aioshin, posted June 14, 2005

Security Warning: World Writable files found :
- /tmp/.ICE-unix
- /tmp/.X11-unix
- /tmp/.X11-unix/X0
- /tmp/.font-unix
- /tmp/.font-unix/fs-1
- /var/apache-mm
- /var/run/xdmctl/dmctl-:0/socket
- /var/run/xdmctl/dmctl/socket
- /var/spool/hylafax/dev/null
- /var/spool/postfix/dev/log
- /var/spool/postfix/private/anvil
- /var/spool/postfix/private/bounce
- /var/spool/postfix/private/cyrus
- /var/spool/postfix/private/cyrus-chroot
- /var/spool/postfix/private/cyrus-deliver
- /var/spool/postfix/private/cyrus-inet
- /var/spool/postfix/private/defer
- /var/spool/postfix/private/error
- /var/spool/postfix/private/lmtp
- /var/spool/postfix/private/lmtp-filter
- /var/spool/postfix/private/local
- /var/spool/postfix/private/maildrop
- /var/spool/postfix/private/proxymap
- /var/spool/postfix/private/relay
- /var/spool/postfix/private/rewrite
- /var/spool/postfix/private/smtp
- /var/spool/postfix/private/smtp-filter
- /var/spool/postfix/private/tlsmgr
- /var/spool/postfix/private/trace
- /var/spool/postfix/private/uucp
- /var/spool/postfix/private/verify
- /var/spool/postfix/private/virtual
- /var/spool/postfix/public/cleanup
- /var/spool/postfix/public/flush
- /var/spool/postfix/public/pickup
- /var/spool/postfix/public/qmgr
- /var/spool/postfix/public/showq
- /var/spool/samba

Got this security warning from msec, just don't know how come they became world writable....

#chmod o-wr them anyway... but should those files be world writable?

kristi1, posted June 14, 2005

I believe that's from anacron and I believe that's correct - Also thanks for bringing it up - I forgot to install anacron when I put up 2005A.

Kristi

EDIT - how did you chmod them as a group? Or did you do it singly? tia

Edited June 14, 2005 by kristi1

aioshin, posted June 14, 2005

Those files are owned by user/group postfix, so #chmod o-wr -R .../private. I just removed the RW capability of others on that dir and all files in it... thus leaving it RW for user/group postfix..

Anyway, what do you mean by "I believe that's correct", Kristi? You mean those files should be world writable?

kristi1, posted June 14, 2005

> those files are owned by user/group postfix, so #chmod o-wr -R .../private, I just remove the RW capability of others on that dir and all files on it... thus leaving it RW of user/group postfix..
> anyway, what do u mean by "I blieve, that's correct" Kristi, you mean, thus files should be world writable?

To be more correct, I should have said I believe I get that too. I will take your action when I get such a list to see what happens, but right now msec/anacron does not appear to be doing anything on my system - either that or I have a perfect system.

Thanks for your reply.

Kristi

EDIT - yeah, finally cajoled them out.

World Writable files found :
- /home/kristi/.kde/share/apps/kicker/Kfind.desktop
- /home/kristi/.kde/share/apps/kicker/klamav.desktop
- /nwng/nwclient129.tar.gz
- /nwng/nwn/linuxclientupdate1xxto165eng.tar.gz
- /nwng/nwn/nwclient129.tar.gz
- /nwng/nwresources129.tar.gz
- /sys/module/tuner/parameters/pal
- /tmp/.ICE-unix
- /tmp/.X11-unix
- /tmp/.X11-unix/X0
- /tmp/.font-unix
- /tmp/.font-unix/fs-1
- /var/lib/texmf
- /var/lib/texmf/ls-R
- /var/run/dbus/system_dbus_socket
- /var/run/sdp
- /var/run/xdmctl/dmctl-:0/socket
- /var/run/xdmctl/dmctl/socket
- /var/spool/postfix/dev/log
- /var/spool/postfix/private/anvil
- /var/spool/postfix/private/bounce
- /var/spool/postfix/private/cyrus
- /var/spool/postfix/private/cyrus-chroot
- /var/spool/postfix/private/cyrus-deliver
- /var/spool/postfix/private/cyrus-inet
- /var/spool/postfix/private/defer
- /var/spool/postfix/private/error
- /var/spool/postfix/private/lmtp
- /var/spool/postfix/private/lmtp-filter
- /var/spool/postfix/private/local
- /var/spool/postfix/private/maildrop
- /var/spool/postfix/private/proxymap
- /var/spool/postfix/private/relay
- /var/spool/postfix/private/rewrite
- /var/spool/postfix/private/smtp
- /var/spool/postfix/private/smtp-filter
- /var/spool/postfix/private/tlsmgr
- /var/spool/postfix/private/trace
- /var/spool/postfix/private/uucp
- /var/spool/postfix/private/verify
- /var/spool/postfix/private/virtual
- /var/spool/postfix/public/cleanup
- /var/spool/postfix/public/flush
- /var/spool/postfix/public/pickup
- /var/spool/postfix/public/qmgr
- /var/spool/postfix/public/showq
- /var/spool/spamassassin
- /var/spool/spamassassin/auto-whitelist
- /var/spool/spamassassin/auto-whitelist.db
- /work
- /work/bittorrent

And I am suspecting that they are that way to allow root, mail, and user to access them, without knowing who the user will be at install time. They are owned by root, so I suspect a new group which includes root and user and mail (like staff, which I don't think I have added yet) would then allow them to be non wr.

By the way, I ran your chmod and it didn't seem to make any difference in the permissions per konqueror.

[root@c-65-96-162-92 ~]# cd /var/spool/postfix
chmod o-wr -R .../private
[root@c-65-96-162-92 postfix]#

I've got to go out but I'll look in later. I am not getting reply to post notices, are you?

Kristi
# later.

Edited June 14, 2005 by kristi1

aioshin, posted June 15, 2005

#chmod o-wr -R .../private

Sorry for this, kristi. It should be

[root@c-65-96-162-92 ~]#chmod o-wr -R /var/spool/postfix/private

without / at the end, so rw on all files in it will be removed....

But....., though I did that yesterday and successfully altered the file permissions, just a while ago, when I checked those files, all of the files are now world writable again. Might be that the default permission of those files is 777 and when the system rebooted, it just reset back to its default. But why did msec alert me with a security warning? Doesn't msec know how to recognize the default permissions of the system, or do I just not know what I'm doing?

Edited June 15, 2005 by aioshin

Guest haans_gruber, posted December 14, 2005

Add the following to /etc/security/msec/security.conf and it will suppress the world-writable warnings [Mandriva 2005LE security setting = higher].

EXCLUDE_REGEXP='^/tmp/\..*-unix'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/apache-mm'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/run/dbus/system_dbus_socket'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/spool/postfix'
EXCLUDE_REGEXP=${EXCLUDE_REGEXP}'\|^/var/spool/samba'
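
An added example, not part of the thread: before excluding whole paths from the report, it helps to sort world-writable findings by file type, since sockets and sticky directories are normally meant to be writable by everyone while regular files and non-sticky directories deserve a closer look. The function names (classify_ww, audit_ww, make_sample) are hypothetical, the sample tree is constructed, and GNU stat and find are assumed.

```sh
#!/bin/sh
# Added example (not from the thread): triage world-writable findings by type.

# classify_ww PATH: print one word saying what kind of entry PATH is.
classify_ww() {
    p=$1
    # A symlink always reports mode 777; only its target's mode matters.
    if [ -L "$p" ]; then echo symlink; return; fi
    [ -e "$p" ] || { echo missing; return; }
    mode=$(stat -c '%a' "$p")            # GNU stat, octal mode such as 666 or 1777
    case $mode in
        *[2367]) ;;                      # last digit has the "other write" bit set
        *) echo not-world-writable; return ;;
    esac
    if   [ -S "$p" ]; then echo socket
    elif [ -c "$p" ] || [ -b "$p" ]; then echo device
    elif [ -p "$p" ]; then echo fifo
    elif [ -d "$p" ]; then
        # The sticky bit stops users removing each other's entries (as on /tmp).
        if [ -k "$p" ]; then echo sticky-dir; else echo open-dir; fi
    else echo regular-file
    fi
}

# audit_ww ROOT: list "category<TAB>path" for every world-writable entry under ROOT.
audit_ww() {
    find "$1" -xdev ! -type l -perm -0002 2>/dev/null | sort |
    while IFS= read -r f; do printf '%s\t%s\n' "$(classify_ww "$f")" "$f"; done
}

# make_sample: build a constructed tree with one entry of each interesting kind.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sticky" "$d/open" "$d/closed"
    : > "$d/data.tar.gz"; : > "$d/private.txt"
    chmod 1777 "$d/sticky"; chmod 0777 "$d/open"; chmod 0755 "$d/closed"
    chmod 0666 "$d/data.tar.gz"; chmod 0600 "$d/private.txt"
    echo "$d"
}

sample=$(make_sample)
audit_ww "$sample"
rm -rf "$sample"
```

On a real system, run audit_ww against a directory from the msec report and review the regular-file and open-dir lines first.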

aioshin, posted December 15, 2005

And the other way of stopping it... open #draksec, see attached.. then go to periodic check, just press the arrow down and select "yes", "no", and "default"...

Edited December 15, 2005 by aioshin