Murda Posted October 7, 2005 Report Share Posted October 7, 2005 (edited) Hi. My "problem" is that i don't want to receive those Security Check Reports to my e-mail (only part of them). I like to get warnings, but when they are only spam: Security Warning: World Writable files found : - /tmp/.ICE-unix - /tmp/.X11-unix - /tmp/.font-unix - /tmp/.font-unix/fs-1 - /var/lib/mysql/mysql.sock - /var/run/dbus/system_dbus_socket - /var/spool/postfix/dev/log - /var/spool/postfix/private/anvil - /var/spool/postfix/private/bounce - /var/spool/postfix/private/cyrus - /var/spool/postfix/private/cyrus-chroot - /var/spool/postfix/private/cyrus-deliver - /var/spool/postfix/private/cyrus-inet - /var/spool/postfix/private/defer - /var/spool/postfix/private/error - /var/spool/postfix/private/lmtp - /var/spool/postfix/private/lmtp-filter - /var/spool/postfix/private/local - /var/spool/postfix/private/maildrop - /var/spool/postfix/private/proxymap - /var/spool/postfix/private/relay - /var/spool/postfix/private/rewrite - /var/spool/postfix/private/smtp - /var/spool/postfix/private/smtp-filter - /var/spool/postfix/private/tlsmgr - /var/spool/postfix/private/trace - /var/spool/postfix/private/uucp - /var/spool/postfix/private/verify - /var/spool/postfix/private/virtual - /var/spool/postfix/public/cleanup - /var/spool/postfix/public/flush - /var/spool/postfix/public/pickup - /var/spool/postfix/public/qmgr - /var/spool/postfix/public/showq Security Warning: These files belonging to packages are modified on the system : - /etc/rc.d/init.d/mandrake_everytime - /lib/modules/2.6.11-6mdk/modules.alias - /lib/modules/2.6.11-6mdk/modules.dep - /lib/modules/2.6.11-6mdk/modules.inputmap - /lib/modules/2.6.11-6mdk/modules.isapnpmap - /lib/modules/2.6.11-6mdk/modules.pcimap - /lib/modules/2.6.11-6mdk/modules.symbols - /lib/modules/2.6.11-6mdk/modules.usbmap - /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1 - /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1 - /usr/lib/mozilla-firefox-1.0.2/chrome/installed-chrome.txt - /usr/share/fonts/ttf/decoratives/fonts.cache-1 - /usr/share/fonts/ttf/western/fonts.cache-1 - /var/lib/rkhunter/db/defaulthashes.dat - /var/lib/rkhunter/db/mirrors.dat - /var/lib/rkhunter/db/os.dat - /var/lib/rkhunter/db/programs_bad.dat - /var/lib/rkhunter/db/programs_good.dat Security Warning: These config files belonging to packages are modified on the system : - /etc/X11/fs/config - /etc/cups/classes.conf - /etc/cups/cupsd.conf - /etc/cups/printers.conf - /etc/host.conf - /etc/hotplug/blacklist - /etc/httpd/conf/commonhttpd.conf - /etc/httpd/conf/httpd2.conf - /etc/info-dir - /etc/inittab - /etc/login.defs - /etc/modprobe.conf - /etc/modprobe.preload - /etc/modules - /etc/motd - /etc/mtools.conf - /etc/my.cnf - /etc/oidentd_masq.conf - /etc/pam.d/system-auth - /etc/postfix/dynamicmaps.cf - /etc/postfix/main.cf - /etc/printcap - /etc/proftpd.conf - /etc/qtrc - /etc/samba/smb.conf - /etc/securetty - /etc/security/msec/server.4 - /etc/shells - /etc/shorewall/interfaces - /etc/shorewall/policy - /etc/shorewall/rules - /etc/shorewall/zones - /etc/ssh/sshd_config - /etc/ssl/webmin/miniserv.pem - /etc/sysconfig/bootsplash - /etc/sysconfig/harddrake2/previous_hw - /etc/sysconfig/msec - /etc/sysconfig/rawdevices - /etc/sysconfig/syslog - /etc/sysconfig/usb - /etc/sysctl.conf - /etc/syslog.conf - /etc/tmdns.conf - /etc/xinetd.d/imap - /etc/xinetd.d/ipop3 - /etc/xml/catalog - /usr/share/config/kdeglobals - /usr/share/config/kdesktoprc - /usr/share/config/kdm/kdmrc - /usr/share/config/konquerorrc - /usr/share/sgml/docbook/xmlcatalog - /var/www/html/favicon.ico - /var/www/html/robots.txt These come EVERY SINGLE DAY to my e-mail. Is there any way to suppress these? Those world writable files appear every time i reboot my system. So if i chmod o-w them, they will come back to that list (have tried it :P). And of course files like my httpd2.conf is modified, as i need to set my DocumentRoot and few other things. I know these files have to be modified to make my system work the way i like. I think it's just stupid to list those files there that need to be modified. Is there any way to list only "new modified files" and not those that were in the list last time? I would do it myself, but i just don't know where to look at. I also get rkhunter report there, but it doesn't bother me, just want to know my system is safe. This is my server box. Thanks. Murda. Edited October 11, 2005 by Murda Quote Link to comment Share on other sites More sharing options...
jlc Posted October 8, 2005 Report Share Posted October 8, 2005 Is it logwatch that is sending these e-mails out? You might check more /etc/log.d/logwatch.conf # The default detail level for the report. # This can either be Low, Med, High or a number. # Low = 0 # Med = 5 # High = 10 Detail = 10 I set mine to high, but you can certianly kick it down to low/med Or is it a different app that is doing this? Quote Link to comment Share on other sites More sharing options...
Murda Posted October 9, 2005 Author Report Share Posted October 9, 2005 I don't really know. But i'm sure that i don't even have a directory /etc/log.d. I'm not a Mandriva expert, so i can't know this. :P Quote Link to comment Share on other sites More sharing options...
devries Posted October 9, 2005 Report Share Posted October 9, 2005 Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.) Quote Link to comment Share on other sites More sharing options...
Murda Posted October 11, 2005 Author Report Share Posted October 11, 2005 Open the Mandriva Control Center, Security, Security level and uncheck security warnings. (translated from Dutch so actual wording can be different.) <{POST_SNAPBACK}> Ok, i found it. Unchecking wasn't my solution for this, but there's more options under this Security level place. Just set world writable file check to "No". Thanks. :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.