Murda Posted October 7, 2005 Share Posted October 7, 2005 (edited) Hi. My "problem" is that i don't want to receive those Security Check Reports to my e-mail (only part of them). I like to get warnings, but when they are only spam: Security Warning: World Writable files found : - /tmp/.ICE-unix - /tmp/.X11-unix - /tmp/.font-unix - /tmp/.font-unix/fs-1 - /var/lib/mysql/mysql.sock - /var/run/dbus/system_dbus_socket - /var/spool/postfix/dev/log - /var/spool/postfix/private/anvil - /var/spool/postfix/private/bounce - /var/spool/postfix/private/cyrus - /var/spool/postfix/private/cyrus-chroot - /var/spool/postfix/private/cyrus-deliver - /var/spool/postfix/private/cyrus-inet - /var/spool/postfix/private/defer - /var/spool/postfix/private/error - /var/spool/postfix/private/lmtp - /var/spool/postfix/private/lmtp-filter - /var/spool/postfix/private/local - /var/spool/postfix/private/maildrop - /var/spool/postfix/private/proxymap - /var/spool/postfix/private/relay - /var/spool/postfix/private/rewrite - /var/spool/postfix/private/smtp - /var/spool/postfix/private/smtp-filter - /var/spool/postfix/private/tlsmgr - /var/spool/postfix/private/trace - /var/spool/postfix/private/uucp - /var/spool/postfix/private/verify - /var/spool/postfix/private/virtual - /var/spool/postfix/public/cleanup - /var/spool/postfix/public/flush - /var/spool/postfix/public/pickup - /var/spool/postfix/public/qmgr - /var/spool/postfix/public/showq Security Warning: These files belonging to packages are modified on the system : - /etc/rc.d/init.d/mandrake_everytime - /lib/modules/2.6.11-6mdk/modules.alias - /lib/modules/2.6.11-6mdk/modules.dep - /lib/modules/2.6.11-6mdk/modules.inputmap - /lib/modules/2.6.11-6mdk/modules.isapnpmap - /lib/modules/2.6.11-6mdk/modules.pcimap - /lib/modules/2.6.11-6mdk/modules.symbols - /lib/modules/2.6.11-6mdk/modules.usbmap - /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1 - /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1 - /usr/lib/mozilla-firefox-1.0.2/chrome/installed-chrome.txt - /usr/share/fonts/ttf/decoratives/fonts.cache-1 - /usr/share/fonts/ttf/western/fonts.cache-1 - /var/lib/rkhunter/db/defaulthashes.dat - /var/lib/rkhunter/db/mirrors.dat - /var/lib/rkhunter/db/os.dat - /var/lib/rkhunter/db/programs_bad.dat - /var/lib/rkhunter/db/programs_good.dat Security Warning: These config files belonging to packages are modified on the system : - /etc/X11/fs/config - /etc/cups/classes.conf - /etc/cups/cupsd.conf - /etc/cups/printers.conf - /etc/host.conf - /etc/hotplug/blacklist - /etc/httpd/conf/commonhttpd.conf - /etc/httpd/conf/httpd2.conf - /etc/info-dir - /etc/inittab - /etc/login.defs - /etc/modprobe.conf - /etc/modprobe.preload - /etc/modules - /etc/motd - /etc/mtools.conf - /etc/my.cnf - /etc/oidentd_masq.conf - /etc/pam.d/system-auth - /etc/postfix/dynamicmaps.cf - /etc/postfix/main.cf - /etc/printcap - /etc/proftpd.conf - /etc/qtrc - /etc/samba/smb.conf - /etc/securetty - /etc/security/msec/server.4 - /etc/shells - /etc/shorewall/interfaces - /etc/shorewall/policy - /etc/shorewall/rules - /etc/shorewall/zones - /etc/ssh/sshd_config - /etc/ssl/webmin/miniserv.pem - /etc/sysconfig/bootsplash - /etc/sysconfig/harddrake2/previous_hw - /etc/sysconfig/msec - /etc/sysconfig/rawdevices - /etc/sysconfig/syslog - /etc/sysconfig/usb - /etc/sysctl.conf - /etc/syslog.conf - /etc/tmdns.conf - /etc/xinetd.d/imap - /etc/xinetd.d/ipop3 - /etc/xml/catalog - /usr/share/config/kdeglobals - /usr/share/config/kdesktoprc - /usr/share/config/kdm/kdmrc - /usr/share/config/konquerorrc - /usr/share/sgml/docbook/xmlcatalog - /var/www/html/favicon.ico - /var/www/html/robots.txt These come EVERY SINGLE DAY to my e-mail. Is there any way to suppress these? Those world writable files appear every time i reboot my system. So if i chmod o-w them, they will come back to that list (have tried it :P). And of course files like my httpd2.conf is modified, as i need to set my DocumentRoot and few other things. I know these files have to be modified to make my system work the way i like. I think it's just stupid to list those files there that need to be modified. Is there any way to list only "new modified files" and not those that were in the list last time? I would do it myself, but i just don't know where to look at. I also get rkhunter report there, but it doesn't bother me, just want to know my system is safe. This is my server box. Thanks. Murda. Edited October 11, 2005 by Murda Link to comment Share on other sites More sharing options...
jlc Posted October 8, 2005 Share Posted October 8, 2005 Is it logwatch that is sending these e-mails out? You might check more /etc/log.d/logwatch.conf # The default detail level for the report. # This can either be Low, Med, High or a number. # Low = 0 # Med = 5 # High = 10 Detail = 10 I set mine to high, but you can certianly kick it down to low/med Or is it a different app that is doing this? Link to comment Share on other sites More sharing options...
Murda Posted October 9, 2005 Author Share Posted October 9, 2005 I don't really know. But i'm sure that i don't even have a directory /etc/log.d. I'm not a Mandriva expert, so i can't know this. :P Link to comment Share on other sites More sharing options...
devries Posted October 9, 2005 Share Posted October 9, 2005 Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.) Link to comment Share on other sites More sharing options...
Murda Posted October 11, 2005 Author Share Posted October 11, 2005 Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.) <{POST_SNAPBACK}> Ok, i found it. Unchecking wasn't my solution for this, but there's more options under this Security level place. Just set world writable file check to "No". Thanks. :) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now