Package: shorewall
Version: 4.4.27.3-1
Severity: normal

Hi,

Please respect the sys admin set perms for the files in /var/lib/shorewall. I set these perms so that they satisfy my own security requirements by using cfengine. I maintain that it is not appropriate for shorewall to change them whenever it runs, other than on initial install or re-install.

Plain file /var/lib/shorewall/.restart had permission 700, changed it to 740
Plain file /var/lib/shorewall/nat had permission 600, changed it to 640
Plain file /var/lib/shorewall/.start had permission 700, changed it to 740
Plain file /var/lib/shorewall/proxyarp had permission 600, changed it to 640
Plain file /var/lib/shorewall6/proxyndp had permission 600, changed it to 640
Plain file /var/lib/shorewall6/.start had permission 700, changed it to 740

Thanks,
--
Jeffrey Sheinberg

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages shorewall depends on:
ii  bc                     1.06.95-2          The GNU bc arbitrary precision cal
ii  debconf [debconf-2.0]  1.5.36.1           Debian configuration management sy
ii  iproute                20100519-3         networking and traffic control too
ii  iptables               1.4.8-3            administration tools for packet fi
ii  perl-modules           5.10.1-17squeeze3  Core Perl modules

shorewall recommends no packages.

Versions of packages shorewall suggests:
ii  linux-image-2.6.39-bpo.  2.6.39-3~bpo60+1  Linux 2.6.39 for 64-bit PCs
ii  linux-image-3.2.0-0.bpo  3.2.4-1~bpo60+1   Linux 3.2 for 64-bit PCs
ii  make                     3.81-8            An utility for Directing compilati
ii  shorewall-doc            4.4.27-1          documentation for Shoreline Firewa

-- Configuration Files:
/etc/default/shorewall changed:
startup=1
SAFESTOP=1
OPTIONS=""

/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
BLACKLIST_LOGLEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/iptables.log
LOGFORMAT="SW %s:%s "
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"
IPTABLES=
IP=
IPSET=
MODULESDIR=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=No
AUTO_COMMENT=Yes
AUTOMAKE=No
BLACKLISTNEWONLY=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
IMPLICIT_CONTINUE=No
IP_FORWARDING=On
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
IPSECFILE=zones

-- debconf information:
  shorewall/invalid_config:
  shorewall/dont_restart:
  shorewall/major_release: