Re: world readable log files and /etc/ files
On Monday, 2002-04-29 at 02:40:57 +1000, Ian Cumming wrote: I was just cleaning up after rebuilding a machine, and I decided to take a look at the log file and /etc permissions. Which release? Woody? I was quite alarmed. There seem to be many files with world readable permissions, which _shouldnt_. ie: /var/log/xfer.log Probably depends on your flavour of ftp daemon. Mine is -rw-r-1 root adm 335 Apr 24 15:46 /var/log/xferlog /var/log/samba/* Here, /var/log/samba is: drwxr-x---2 root adm 4096 Apr 28 07:48 /var/log/samba The files *are* -rw-r--r--1 root root11144 Apr 28 14:49 log.nmbd -rw-r--r--1 root root 1314 Apr 29 10:24 log.smbd but this doesn't matter. /var/log/mailman/* I don't have mailman, so I can't comment. and in /etc: /etc/proftpd.conf I don't see anything that needs protection in my (default) proftpd.conf. /etc/netatalk/* Don't have. /etc/smb/smb.conf This one can have user names, so I guess it would be better off with tighter access modes. /etc/apache-perl/cron.conf I have no idea what this file is. What is the policy for log files? I understand that it doesnt do _that_ much harm allowing others to read, but it does disclose more than I want to reveal. Actually, having tighter access rights on logfiles may lead to the admin handing out the root password to more people, resulting in lowered security. And now every time I install a package, I'm paranoid about the permissions, so I have to go check them. Be paranoid within reason. If you tighten security so much that you can only work as root, you're easier to screw by trojans. Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: world readable log files and /etc/ files
It is also important to remember not to chown log files. If you do this you could run into problems. The proccess that writes the file may not be able too. From: Wichert Akkerman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: world readable log files and /etc/ files Date: Sun, 28 Apr 2002 21:06:35 +0200 MIME-Version: 1.0 Received: from murphy.debian.org ([65.125.64.134]) by hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Sun, 28 Apr 2002 12:10:17 -0700 Received: (qmail 10946 invoked by uid 38); 28 Apr 2002 19:06:45 - Received: (qmail 10906 invoked from network); 28 Apr 2002 19:06:43 - Received: from cabal.xs4all.nl (HELO mx1.wiggy.net) (?bLeNwgFcs5FDRoEhD37OqQvyE0lahofl?@213.84.101.140) by murphy.debian.org with SMTP; 28 Apr 2002 19:06:43 - Received: from wichert by mx1.wiggy.net with local (Exim 3.35 #1 (Debian))id 171u0J-0003Ux-00for [EMAIL PROTECTED]; Sun, 28 Apr 2002 21:06:35 +0200 X-Envelope-Sender: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.3.28i Resent-Message-ID: FRsfk.A.0qC.FhEz8@murphy Resent-From: [EMAIL PROTECTED] X-Mailing-List: [EMAIL PROTECTED] archive/latest/7034 X-Loop: [EMAIL PROTECTED] List-Post: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED]?subject=help List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe List-Unsubscribe: mailto:[EMAIL PROTECTED]?subject=unsubscribe Precedence: list Resent-Sender: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 28 Apr 2002 19:10:18.0777 (UTC) FILETIME=[561ED890:01C1EEE8] Previously Ian Cumming wrote: I was quite alarmed. There seem to be many files with world readable permissions, which _shouldnt_. If you don't trust your local users on a server you have a different problem imho. What is the policy for log files? I understand that it doesnt do _that_ much harm allowing others to read, but it does disclose more than I want to reveal. World-readable except for files with sensitive information. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
A Linux version of system and network monitoring?
Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford The I.T.E.C. Company P.M.B. 146 368 South McCaslin Boulevard Louisville, CO 80027 USA (303) 604-2550 (voice) (866) 604-2550 (toll free) (303) 664-0036 (fax) http://www.itec-co.com * The Information transmitted in this email is intended for the addressee only and may contain confidential and/or privileged material. Any review, retransmission or other use of the contents by persons other than the addressee is prohibited. If you have received this email in error, please contact the sender and delete the material. This message has been scanned by Norton Anti-Virus. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: world readable log files and /etc/ files
On Monday, 2002-04-29 at 02:40:57 +1000, Ian Cumming wrote: I was just cleaning up after rebuilding a machine, and I decided to take a look at the log file and /etc permissions. Which release? Woody? I was quite alarmed. There seem to be many files with world readable permissions, which _shouldnt_. ie: /var/log/xfer.log Probably depends on your flavour of ftp daemon. Mine is -rw-r-1 root adm 335 Apr 24 15:46 /var/log/xferlog /var/log/samba/* Here, /var/log/samba is: drwxr-x---2 root adm 4096 Apr 28 07:48 /var/log/samba The files *are* -rw-r--r--1 root root11144 Apr 28 14:49 log.nmbd -rw-r--r--1 root root 1314 Apr 29 10:24 log.smbd but this doesn't matter. /var/log/mailman/* I don't have mailman, so I can't comment. and in /etc: /etc/proftpd.conf I don't see anything that needs protection in my (default) proftpd.conf. /etc/netatalk/* Don't have. /etc/smb/smb.conf This one can have user names, so I guess it would be better off with tighter access modes. /etc/apache-perl/cron.conf I have no idea what this file is. What is the policy for log files? I understand that it doesnt do _that_ much harm allowing others to read, but it does disclose more than I want to reveal. Actually, having tighter access rights on logfiles may lead to the admin handing out the root password to more people, resulting in lowered security. And now every time I install a package, I'm paranoid about the permissions, so I have to go check them. Be paranoid within reason. If you tighten security so much that you can only work as root, you're easier to screw by trojans. Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]