papaschtroumpf Posted September 18, 2006

I run logwatch (www2.logwatch.com) nightly. It goes through system logs and extracts "interesting" information. This morning I have the following in my log:

--------------------- Connections (secure-log) Begin ------------------------

**Unmatched Entries**
msec: changed group of /var/log/rkhunter.log from root to adm: 1 Time(s)
msec: changed mode of /var/log/rkhunter.log from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/open_port.today from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/sgid.today from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/suid_md5.today from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/suid_root.today from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/unowned_group.today from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/unowned_user.today from 644 to 640: 1 Time(s)
msec: changed mode of /var/log/security/writable.today from 644 to 640: 1 Time(s)

Is this normal? I don't remember seeing anything like that before.

[moved from Software by spinynorman]

arctic Posted September 18, 2006

The msec package manages permissions to several files on its own on a regular basis, based on a script named security.sh. This script will be launched when the system detects folders that do not match the default security settings of your box. Then, msec will "correct" the settings for those folders so they are in line with the rest of the system-security settings. It is usually nothing to worry about.

papaschtroumpf Posted September 18, 2006

> The msec package manages permissions to several files on its own on a regular basis, based on a script named security.sh. This script will be launched when the system detects folders that do not match the default security settings of your box. Then, msec will "correct" the settings for those folders so they are in line with the rest of the system-security settings. It is usually nothing to worry about.

The problem is, why did they have the wrong permission to start with?

arctic Posted September 18, 2006

First of all, it is not really "wrong permissions" but altered permissions that are considered potentially "insecure" by msec. The permission settings of root are different to those of msec and once you log in as root, certain permissions of files will be changed. Root has the right to read and write every file (except immutable files) while msec wants to set certain files to read-only status for security reasons. Thus, all files with 644 permission that basically should not have a 644 permission will be restored to the system-default 640 setting of msec.

papaschtroumpf Posted September 18, 2006

Thanks, I feel better.

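Added example, not part of the thread: a Python check over the msec lines from the logwatch report that separates a mode change which only removes permission bits (644 to 640, as in the report) from one that adds them. The regexes assume the line format shown in the first post; the function names and the last sample line are constructed for illustration.

```python
import re

# Line formats as they appear in the logwatch excerpt in the thread.
MODE_RE = re.compile(r"msec: changed mode of (\S+) from ([0-7]{3,4}) to ([0-7]{3,4})")
GROUP_RE = re.compile(r"msec: changed group of (\S+) from ([^\s:]+) to ([^\s:]+)")

def classify_mode_change(old, new):
    """Compare two octal mode strings bit by bit."""
    o, n = int(old, 8), int(new, 8)
    added, removed = n & ~o, o & ~n   # bits granted / bits revoked
    if added and removed:
        return "mixed"
    if added:
        return "loosened"
    if removed:
        return "tightened"
    return "unchanged"

def review(lines):
    """Return (path, kind, detail) tuples; 'loosened' and 'mixed' deserve a look."""
    findings = []
    for line in lines:
        m = MODE_RE.search(line)
        if m:
            path, old, new = m.groups()
            findings.append((path, classify_mode_change(old, new), f"{old}->{new}"))
            continue
        g = GROUP_RE.search(line)
        if g:
            path, old, new = g.groups()
            findings.append((path, "group", f"{old}->{new}"))
    return findings

# First two lines are from the thread; the third is constructed to show the opposite case.
SAMPLE = [
    "msec: changed group of /var/log/rkhunter.log from root to adm: 1 Time(s)",
    "msec: changed mode of /var/log/rkhunter.log from 644 to 640: 1 Time(s)",
    "msec: changed mode of /var/log/example.log from 640 to 666: 1 Time(s)",
]

if __name__ == "__main__":
    for path, kind, detail in review(SAMPLE):
        flag = "REVIEW" if kind in ("loosened", "mixed") else "ok"
        print(f"{flag:6} {kind:9} {detail:10} {path}")
```
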