Heinrich Rebehn wrote:
Hi list,
i am getting a daily insecurity report from my system system saying:
##########################################################
Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
etc/pf.conf:
type (file, link)
permissions (0600, 0755)
##########################################################
I am actually using a symbolic link for /etc/pf.conf:
ls -l /etc/pf.conf*
lrwxr-xr-x 1 root wheel 11 Nov 30 17:04 /etc/pf.conf -> pf.conf.001
-rw------- 1 root wheel 10529 Nov 14 10:18 /etc/pf.conf.000
-rw------- 1 root wheel 10582 Nov 30 18:12 /etc/pf.conf.001
I do this in order to save different versions of the file.
My question: Is a symbolic link really insecure? Or is this just a
deficiency of /etc/security?
I could use hard links instead of soft links as a workaround, but then
one cannot as easily see where the link points to.
Sorry if this might sound like nitpicking, but i do not want to get used
to ignoring security warnings.
Thanks for any help,
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664
Fax : -3341
Two things, use rcs.. that save you headaches, instead of multiple versions of
file, use one file, with multiple diffs.. Other the email is really about the
sym link as others pointed out. If you use RCS you can have the versioning
system in place as you already have it, although in a scalable way IMO, and no
/etc/security email about "shouldbe, reallyis"
HTH
Prabhu
-
