Jump to content
Murda

msec "problem" [solved]

Recommended Posts

Hi.

 

My "problem" is that i don't want to receive those Security Check Reports to my e-mail (only part of them).

I like to get warnings, but when they are only spam:

 

Security Warning: World Writable files found :

  - /tmp/.ICE-unix

  - /tmp/.X11-unix

  - /tmp/.font-unix

  - /tmp/.font-unix/fs-1

  - /var/lib/mysql/mysql.sock

  - /var/run/dbus/system_dbus_socket

  - /var/spool/postfix/dev/log

  - /var/spool/postfix/private/anvil

  - /var/spool/postfix/private/bounce

  - /var/spool/postfix/private/cyrus

  - /var/spool/postfix/private/cyrus-chroot

  - /var/spool/postfix/private/cyrus-deliver

  - /var/spool/postfix/private/cyrus-inet

  - /var/spool/postfix/private/defer

  - /var/spool/postfix/private/error

  - /var/spool/postfix/private/lmtp

  - /var/spool/postfix/private/lmtp-filter

  - /var/spool/postfix/private/local

  - /var/spool/postfix/private/maildrop

  - /var/spool/postfix/private/proxymap

  - /var/spool/postfix/private/relay

  - /var/spool/postfix/private/rewrite

  - /var/spool/postfix/private/smtp

  - /var/spool/postfix/private/smtp-filter

  - /var/spool/postfix/private/tlsmgr

  - /var/spool/postfix/private/trace

  - /var/spool/postfix/private/uucp

  - /var/spool/postfix/private/verify

  - /var/spool/postfix/private/virtual

  - /var/spool/postfix/public/cleanup

  - /var/spool/postfix/public/flush

  - /var/spool/postfix/public/pickup

  - /var/spool/postfix/public/qmgr

  - /var/spool/postfix/public/showq

 

Security Warning: These files belonging to packages are modified on the system :

  - /etc/rc.d/init.d/mandrake_everytime

  - /lib/modules/2.6.11-6mdk/modules.alias

  - /lib/modules/2.6.11-6mdk/modules.dep

  - /lib/modules/2.6.11-6mdk/modules.inputmap

  - /lib/modules/2.6.11-6mdk/modules.isapnpmap

  - /lib/modules/2.6.11-6mdk/modules.pcimap

  - /lib/modules/2.6.11-6mdk/modules.symbols

  - /lib/modules/2.6.11-6mdk/modules.usbmap

  - /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1

  - /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1

  - /usr/lib/mozilla-firefox-1.0.2/chrome/installed-chrome.txt

  - /usr/share/fonts/ttf/decoratives/fonts.cache-1

  - /usr/share/fonts/ttf/western/fonts.cache-1

  - /var/lib/rkhunter/db/defaulthashes.dat

  - /var/lib/rkhunter/db/mirrors.dat

  - /var/lib/rkhunter/db/os.dat

  - /var/lib/rkhunter/db/programs_bad.dat

  - /var/lib/rkhunter/db/programs_good.dat

 

Security Warning: These config files belonging to packages are modified on the system :

  - /etc/X11/fs/config

  - /etc/cups/classes.conf

  - /etc/cups/cupsd.conf

  - /etc/cups/printers.conf

  - /etc/host.conf

  - /etc/hotplug/blacklist

  - /etc/httpd/conf/commonhttpd.conf

  - /etc/httpd/conf/httpd2.conf

  - /etc/info-dir

  - /etc/inittab

  - /etc/login.defs

  - /etc/modprobe.conf

  - /etc/modprobe.preload

  - /etc/modules

  - /etc/motd

  - /etc/mtools.conf

  - /etc/my.cnf

  - /etc/oidentd_masq.conf

  - /etc/pam.d/system-auth

  - /etc/postfix/dynamicmaps.cf

  - /etc/postfix/main.cf

  - /etc/printcap

  - /etc/proftpd.conf

  - /etc/qtrc

  - /etc/samba/smb.conf

  - /etc/securetty

  - /etc/security/msec/server.4

  - /etc/shells

  - /etc/shorewall/interfaces

  - /etc/shorewall/policy

  - /etc/shorewall/rules

  - /etc/shorewall/zones

  - /etc/ssh/sshd_config

  - /etc/ssl/webmin/miniserv.pem

  - /etc/sysconfig/bootsplash

  - /etc/sysconfig/harddrake2/previous_hw

  - /etc/sysconfig/msec

  - /etc/sysconfig/rawdevices

  - /etc/sysconfig/syslog

  - /etc/sysconfig/usb

  - /etc/sysctl.conf

  - /etc/syslog.conf

  - /etc/tmdns.conf

  - /etc/xinetd.d/imap

  - /etc/xinetd.d/ipop3

  - /etc/xml/catalog

  - /usr/share/config/kdeglobals

  - /usr/share/config/kdesktoprc

  - /usr/share/config/kdm/kdmrc

  - /usr/share/config/konquerorrc

  - /usr/share/sgml/docbook/xmlcatalog

  - /var/www/html/favicon.ico

  - /var/www/html/robots.txt

 

These come EVERY SINGLE DAY to my e-mail. Is there any way to suppress these?

Those world writable files appear every time i reboot my system. So if i chmod o-w them, they will come back to that list (have tried it :P).

 

And of course files like my httpd2.conf is modified, as i need to set my DocumentRoot and few other things.

I know these files have to be modified to make my system work the way i like.

I think it's just stupid to list those files there that need to be modified.

 

Is there any way to list only "new modified files" and not those that were in the list last time?

I would do it myself, but i just don't know where to look at.

 

I also get rkhunter report there, but it doesn't bother me, just want to know my system is safe.

 

This is my server box.

 

Thanks. Murda.

Edited by Murda

Share this post


Link to post
Share on other sites

Is it logwatch that is sending these e-mails out? You might check

 

more /etc/log.d/logwatch.conf

 

 

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = 10

 

I set mine to high, but you can certianly kick it down to low/med

 

Or is it a different app that is doing this?

Share this post


Link to post
Share on other sites

I don't really know. But i'm sure that i don't even have a directory /etc/log.d.

I'm not a Mandriva expert, so i can't know this. :P

Share this post


Link to post
Share on other sites

Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.)

Share this post


Link to post
Share on other sites
Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.)

 

Ok, i found it. Unchecking wasn't my solution for this, but there's more options under this Security level place. Just set world writable file check to "No".

Thanks. :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...