Package: shorewall
Version: 4.4.27.3-1
Severity: normal
Hi,
Please respect the sys admin set perms for the files in /var/lib/shorewall.
I set these perms so that they satisfy my own security requirements by using
cfengine. I maintain that it is not appropriate for shorewall to change them
whenever it runs, other than on initial install or re-install.
Plain file /var/lib/shorewall/.restart had permission 700, changed it to 740
Plain file /var/lib/shorewall/nat had permission 600, changed it to 640
Plain file /var/lib/shorewall/.start had permission 700, changed it to 740
Plain file /var/lib/shorewall/proxyarp had permission 600, changed it to 640
Plain file /var/lib/shorewall6/proxyndp had permission 600, changed it to
640
Plain file /var/lib/shorewall6/.start had permission 700, changed i t to 740
Thanks,
--
Jeffrey Sheinberg
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages shorewall depends on:
ii bc 1.06.95-2 The GNU bc arbitrary precision cal
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii iproute 20100519-3 networking and traffic control too
ii iptables 1.4.8-3 administration tools for packet fi
ii perl-modules 5.10.1-17squeeze3 Core Perl modules
shorewall recommends no packages.
Versions of packages shorewall suggests:
ii linux-image-2.6.39-bpo. 2.6.39-3~bpo60+1 Linux 2.6.39 for 64-bit PCs
ii linux-image-3.2.0-0.bpo 3.2.4-1~bpo60+1 Linux 3.2 for 64-bit PCs
ii make 3.81-8 An utility for Directing compilati
ii shorewall-doc 4.4.27-1 documentation for Shoreline Firewa
-- Configuration Files:
/etc/default/shorewall changed:
startup=1
SAFESTOP=1
OPTIONS=""
/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
BLACKLIST_LOGLEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/iptables.log
LOGFORMAT="SW %s:%s "
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"
IPTABLES=
IP=
IPSET=
MODULESDIR=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=No
AUTO_COMMENT=Yes
AUTOMAKE=No
BLACKLISTNEWONLY=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
IMPLICIT_CONTINUE=No
IP_FORWARDING=On
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
IPSECFILE=zones
-- debconf information:
shorewall/invalid_config:
shorewall/dont_restart:
shorewall/major_release:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
