msec "problem" [solved]

[Murda 0]

Hi.

 

My "problem" is that i don't want to receive those Security Check Reports to my e-mail (only part of them).

I like to get warnings, but when they are only spam:

 

Security Warning: World Writable files found :

  - /tmp/.ICE-unix

  - /tmp/.X11-unix

  - /tmp/.font-unix

  - /tmp/.font-unix/fs-1

  - /var/lib/mysql/mysql.sock

  - /var/run/dbus/system_dbus_socket

  - /var/spool/postfix/dev/log

  - /var/spool/postfix/private/anvil

  - /var/spool/postfix/private/bounce

  - /var/spool/postfix/private/cyrus

  - /var/spool/postfix/private/cyrus-chroot

  - /var/spool/postfix/private/cyrus-deliver

  - /var/spool/postfix/private/cyrus-inet

  - /var/spool/postfix/private/defer

  - /var/spool/postfix/private/error

  - /var/spool/postfix/private/lmtp

  - /var/spool/postfix/private/lmtp-filter

  - /var/spool/postfix/private/local

  - /var/spool/postfix/private/maildrop

  - /var/spool/postfix/private/proxymap

  - /var/spool/postfix/private/relay

  - /var/spool/postfix/private/rewrite

  - /var/spool/postfix/private/smtp

  - /var/spool/postfix/private/smtp-filter

  - /var/spool/postfix/private/tlsmgr

  - /var/spool/postfix/private/trace

  - /var/spool/postfix/private/uucp

  - /var/spool/postfix/private/verify

  - /var/spool/postfix/private/virtual

  - /var/spool/postfix/public/cleanup

  - /var/spool/postfix/public/flush

  - /var/spool/postfix/public/pickup

  - /var/spool/postfix/public/qmgr

  - /var/spool/postfix/public/showq

 

Security Warning: These files belonging to packages are modified on the system :

  - /etc/rc.d/init.d/mandrake_everytime

  - /lib/modules/2.6.11-6mdk/modules.alias

  - /lib/modules/2.6.11-6mdk/modules.dep

  - /lib/modules/2.6.11-6mdk/modules.inputmap

  - /lib/modules/2.6.11-6mdk/modules.isapnpmap

  - /lib/modules/2.6.11-6mdk/modules.pcimap

  - /lib/modules/2.6.11-6mdk/modules.symbols

  - /lib/modules/2.6.11-6mdk/modules.usbmap

  - /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1

  - /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1

  - /usr/lib/mozilla-firefox-1.0.2/chrome/installed-chrome.txt

  - /usr/share/fonts/ttf/decoratives/fonts.cache-1

  - /usr/share/fonts/ttf/western/fonts.cache-1

  - /var/lib/rkhunter/db/defaulthashes.dat

  - /var/lib/rkhunter/db/mirrors.dat

  - /var/lib/rkhunter/db/os.dat

  - /var/lib/rkhunter/db/programs_bad.dat

  - /var/lib/rkhunter/db/programs_good.dat

 

Security Warning: These config files belonging to packages are modified on the system :

  - /etc/X11/fs/config

  - /etc/cups/classes.conf

  - /etc/cups/cupsd.conf

  - /etc/cups/printers.conf

  - /etc/host.conf

  - /etc/hotplug/blacklist

  - /etc/httpd/conf/commonhttpd.conf

  - /etc/httpd/conf/httpd2.conf

  - /etc/info-dir

  - /etc/inittab

  - /etc/login.defs

  - /etc/modprobe.conf

  - /etc/modprobe.preload

  - /etc/modules

  - /etc/motd

  - /etc/mtools.conf

  - /etc/my.cnf

  - /etc/oidentd_masq.conf

  - /etc/pam.d/system-auth

  - /etc/postfix/dynamicmaps.cf

  - /etc/postfix/main.cf

  - /etc/printcap

  - /etc/proftpd.conf

  - /etc/qtrc

  - /etc/samba/smb.conf

  - /etc/securetty

  - /etc/security/msec/server.4

  - /etc/shells

  - /etc/shorewall/interfaces

  - /etc/shorewall/policy

  - /etc/shorewall/rules

  - /etc/shorewall/zones

  - /etc/ssh/sshd_config

  - /etc/ssl/webmin/miniserv.pem

  - /etc/sysconfig/bootsplash

  - /etc/sysconfig/harddrake2/previous_hw

  - /etc/sysconfig/msec

  - /etc/sysconfig/rawdevices

  - /etc/sysconfig/syslog

  - /etc/sysconfig/usb

  - /etc/sysctl.conf

  - /etc/syslog.conf

  - /etc/tmdns.conf

  - /etc/xinetd.d/imap

  - /etc/xinetd.d/ipop3

  - /etc/xml/catalog

  - /usr/share/config/kdeglobals

  - /usr/share/config/kdesktoprc

  - /usr/share/config/kdm/kdmrc

  - /usr/share/config/konquerorrc

  - /usr/share/sgml/docbook/xmlcatalog

  - /var/www/html/favicon.ico

  - /var/www/html/robots.txt

 

These come EVERY SINGLE DAY to my e-mail. Is there any way to suppress these?

Those world writable files appear every time i reboot my system. So if i chmod o-w them, they will come back to that list (have tried it :P).

 

And of course files like my httpd2.conf is modified, as i need to set my DocumentRoot and few other things.

I know these files have to be modified to make my system work the way i like.

I think it's just stupid to list those files there that need to be modified.

 

Is there any way to list only "new modified files" and not those that were in the list last time?

I would do it myself, but i just don't know where to look at.

 

I also get rkhunter report there, but it doesn't bother me, just want to know my system is safe.

 

This is my server box.

 

Thanks. Murda.

Edited October 11, 2005 by Murda

[jlc 0]

Is it logwatch that is sending these e-mails out? You might check

 

more /etc/log.d/logwatch.conf

 

 

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = 10

 

I set mine to high, but you can certianly kick it down to low/med

 

Or is it a different app that is doing this?

[Murda 0]

I don't really know. But i'm sure that i don't even have a directory /etc/log.d.

I'm not a Mandriva expert, so i can't know this. :P

[devries 0]

Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.)

[Murda 0]

Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.)

<{POST_SNAPBACK}>

 

Ok, i found it. Unchecking wasn't my solution for this, but there's more options under this Security level place. Just set world writable file check to "No".

Thanks. :)