On Dec 19, 2007, at 7:30 PM, Kurt Buff wrote:
On Dec 19, 2007 6:54 PM, jekillen <[EMAIL PROTECTED]> wrote:
Hello:
Is there a manual or other publication that deals specifically with
reading e-mail messages to root for FreeBSD? I have gotten a
message:
setuid diffs:
--- /var/log/setuid.today Sat Sep 8 03:01:34 2007
+++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
followed by references to various programs
then the next segment:
Checking for a current audit database:
Downloading fresh database.
auditfile.tbz 46 kB 42
kBps
New database installed.
Database created: Wed Dec 19 14:40:00 PST 2007
Checking for packages with security vulnerabilities:
followed by numerous references to programs and
files on the FreeBSD site.
and I do not know quite what this means.
It means that you have portaudit installed, and it's run as part of
the daily scripts. That's a good thing.
I'd recommend consulting the portaudit man page
What it's found are packages on your machine that have security
bulletins against them - that is, the packages named have
vulnerabilities known to the FreeBSD Security team, which they believe
should be patched. There's a link to the bulletin for each one - I
think you'll find it enlightening to read some or all of them.
I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
to get a current ports tree, then assess, very carefully, what you
want to upgrade. IMHO all of the packages mentioned should probably
get upgraded, unless you have *exceptional* reasons not to.
To upgrade you can do 'portupgrade <packagename>' for each package
named, or if you're feeling bold, 'portupgrade -aRr'.
I know that setuid is cause
for concern. I have three other machines with FreeBSD, with one
going back over a year of virtually continuous 24/7 operation and
this is the first time I have seen this type of message. For the
programs
reported with security problems it begs the question of dependencies
if they are removed or updated. Some references are to cups and
fetchmail
neither of which I use or have use for, that I am aware of.
Portupgrade will take care of dependencies. No worries, though you
should also peruse the man page for portupgrade to get your knowledge
up.
This
particular
machine is primarily a web server. It does have Postfix running but
just
uses local delivery and only listens on private network interface.
I am also a little dubious about posting any specifics to a public
mailing
list.
I am admittedly a novice at this (on all my own systems so no one
else's behind is on the line). Short of paying consultation fees to
someone, this is about the only live contact I have on the subject.
Thanks in advance for info:
We were all novices - I still am, in far too many ways. Don't sweat
it, and keep asking questions. Also, start reading the FreeBSD
Handbook - it's online, and also downloadable, and covers this very
topic.
Kurt
Thank you kindly for the info;
I have been reading the handbook. I have it installed as html on my
everyday work machine. Having a web server on localhost is great.
It does cover portupgrade, portsnap, ports and all that but it was just
the e-mails to root that had me confused. Does this also cover the
setuid question also?
I also have the new Absolute FreeBSD, and the hard copy manual
obtained through FreeBSD Mall. I had a problem with e-mail messages
to root some time ago that were showing up every 11 minutes. I look
into crontab and found one script that was set to run every 11 minutes.
I opened the script file and read the authors e-mail address and sent
him an e-mail on the problem. He responded scolding me for putting
commands in rc.conf. Sure enough, though I did not have explicit
commands
in it, I did have the syntax wrong. Who would have guess that a script
dealing with entropy would complain because of problems with rc.conf?
That is an example of question that might arise that could use some
specific coverage in documentation.
Jeff K
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
