Re: huge first daily insecurities
Ingo, Joachim, thanks. Goes to show that you often see what you expect to see,
I guess. Heh. Maybe I would have picked up on things if I had looked far enough
down to see /etc/group . 8-/

Now let's see if I can stay awake while I scan through it all. :-( (Sure fall
asleep easy these days.)

And get the dmesg shipped out, too, but I'm going to get some sleep first.

much grass,
Joel Rees

On Tue, 28 Dec 2010 10:48:57 +0100
Ingo Schwarze wrote:

> Hi Joel,
>
> Joel Rees wrote on Tue, Dec 28, 2010 at 01:51:19PM +0900:
>
> > So the first daily insecurities is over a megabyte of text.
>
> After installing, the directory /var/backups is still empty.
> The first security(8) run will populate it,
> reporting the SUID binaries, devices and configuration files
> installed when installing the system.
>
> > Can I mostly scan through those
>
> Well, you can take that as a (partial) list of what will be watched
> in the future, but you probably shouldn't touch anything.
>
> > I could remove all the devices I know this old iBook will never have,
> > but that's not even recommended general practice, is it?
>
> No, don't do that, it is a waste of time, and when you remove one too
> many, you are in for trouble.
>
> > The bulk of the mail is a lot (40 or more?) of diffs with /dev/null
> > for stuff that I don't have in /etc and /var.
>
> I suspect these files *do* exist in /etc, and the mail is telling
> you they were added during the install.
>
> > then I looked in /var/backups and found the examples.
>
> Those are not examples, but copies from /etc.
>
> > The third one is /etc/changelist , and I'm sure I want that one.
>
> Without having a changelist installed in /etc, you wouldn't even get
> such diffs.
>
> > Also, I'm wondering whether it would be more useful to send in
> > the dmesg before or after I get /etc cleaned up.
>
> Apart from the fact that there is almost certainly nothing to clean up,
> changing stuff in /etc won't change the dmesg. The dmesg only depends
> on the kernel. So, as soon as you are running the GENERIC kernel, you
> are ready for grabbing the dmesg off the box, whatever the state of the
> system may be.
>
> > Or maybe you have enough iBook G4 12 inch dmesg-es for 4.8?
> > Nothing special, really.
>
> No idea whether this particular one is needed more or less urgently,
> and I suspect it is hard for anybody to tell without seeing it.
> Thus, when installing a new machine, just send it.
> An additional one does no harm, a missing one may be, well, missing...
>
> Besides, having the same text printed on the box doesn't necessarily mean
> you have the same chips inside, as hardware hackers often deplore.
>
> Yours,
>   Ingo
Re: huge first daily insecurities
Hi Joel,

Joel Rees wrote on Tue, Dec 28, 2010 at 01:51:19PM +0900:

> So the first daily insecurities is over a megabyte of text.

After installing, the directory /var/backups is still empty.
The first security(8) run will populate it,
reporting the SUID binaries, devices and configuration files
installed when installing the system.

> Can I mostly scan through those

Well, you can take that as a (partial) list of what will be watched
in the future, but you probably shouldn't touch anything.

> I could remove all the devices I know this old iBook will never have,
> but that's not even recommended general practice, is it?

No, don't do that, it is a waste of time, and when you remove one too
many, you are in for trouble.

> The bulk of the mail is a lot (40 or more?) of diffs with /dev/null
> for stuff that I don't have in /etc and /var.

I suspect these files *do* exist in /etc, and the mail is telling
you they were added during the install.

> then I looked in /var/backups and found the examples.

Those are not examples, but copies from /etc.

> The third one is /etc/changelist , and I'm sure I want that one.

Without having a changelist installed in /etc, you wouldn't even get
such diffs.

> Also, I'm wondering whether it would be more useful to send in
> the dmesg before or after I get /etc cleaned up.

Apart from the fact that there is almost certainly nothing to clean up,
changing stuff in /etc won't change the dmesg. The dmesg only depends
on the kernel. So, as soon as you are running the GENERIC kernel, you
are ready for grabbing the dmesg off the box, whatever the state of the
system may be.

> Or maybe you have enough iBook G4 12 inch dmesg-es for 4.8?
> Nothing special, really.

No idea whether this particular one is needed more or less urgently,
and I suspect it is hard for anybody to tell without seeing it.
Thus, when installing a new machine, just send it.
An additional one does no harm, a missing one may be, well, missing...

Besides, having the same text printed on the box doesn't necessarily mean
you have the same chips inside, as hardware hackers often deplore.

Yours,
  Ingo
Re: huge first daily insecurities
On Tue, Dec 28, 2010 at 01:51:19PM +0900, Joel Rees wrote:
> Just want to check on whether the situation with my sort-of new
> install of 4.8 is normal, and if my guess as to how to approach it is
> correct.
>
> I didn't have time last night to go through and tweak everything I
> know to tweak, and just let it run overnight anyway.
>
> So the first daily insecurities is over a megabyte of text.

Yes, that's to be expected.

> Can I mostly scan through [suid and device reports] and just let it go
> if I don't see anything obvious? (Not that I'm confident I'd know what
> I'm looking for, ...) I suppose, if I were ambitious, I could remove
> all the devices I know this old iBook will never have, but that's not
> even recommended general practice, is it?
>
> The bulk of the mail is a lot (40 or more?) of diffs with /dev/null
> for stuff that I don't have in /etc and /var.
>
> Wasted about three hours this morning working on a program to split
> all the diffs out into files before it occurred to me that almost
> everything in here is here because it isn't there, and then I looked
> in /var/backups and found the examples.

/etc/security (which is run from /etc/daily) is useful, but very
simple-minded. In particular, if you install or upgrade, it will spew
lots of noise. I recommend skimming it quickly, it's almost never a good
use of your time to read it closely. (/etc/security *is* quite useful in
case of a compromise, or if you messed with a configuration file and
forgot that you did so, etc.)

Don't cripple your system by removing default configuration files, it'll
only end in tears. And you'll have to re-do it after each upgrade anyway.
In general, don't "tweak" unless you *know* why you need/want to.

> Also, I'm wondering whether it would be more useful to send in the
> dmesg before or after I get /etc cleaned up. Or maybe you have enough
> iBook G4 12 inch dmesg-es for 4.8? Nothing special, really.

AFAIK, dmesgs are always appreciated.

		Joachim

--
PotD: devel/ruby-ffi-inliner - embed C code in your ruby script
http://www.joachimschipper.nl/
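The mechanism Ingo and Joachim describe above (an empty /var/backups on a fresh install, a first security(8) run that diffs every watched file against /dev/null, and quiet runs afterwards unless something in /etc actually changes) can be seen in miniature with the added script below. It is not OpenBSD's /etc/security and does not reproduce its real layout; it only mirrors the changelist idea in a throwaway directory. The sandbox paths, the backup-file naming (path with "/" turned into "_", plus ".current") and the two constructed /etc files are assumptions of this example.

```sh
#!/bin/sh
# Added example (not OpenBSD's /etc/security): a miniature of the changelist
# mechanism security(8) runs from daily(8). For every path listed in the
# changelist it compares the file with the copy saved on the previous run,
# writes a unified diff when they differ, and saves the current version as the
# new reference copy. A file seen for the first time has no saved copy, so it
# is diffed against /dev/null and every line shows up as added: that is why the
# first report after an install is huge and why /var/backups starts out empty.
# Everything lives in a temporary directory; the file contents are constructed.

# Create a fresh sandbox standing in for /, with a two-entry changelist.
setup_sandbox() {
    ROOT=$(mktemp -d)
    ETC="$ROOT/etc"
    BACKUPS="$ROOT/var/backups"      # empty until the first run, as on a new install
    CHANGELIST="$ETC/changelist"
    REPORT="$ROOT/report.txt"        # stands in for the mail security(8) sends root
    mkdir -p "$ETC" "$BACKUPS"
    printf 'wheel:*:0:root\n' > "$ETC/group"
    printf 'PermitRootLogin no\n' > "$ETC/sshd_config"
    printf '%s\n' "$ETC/group" "$ETC/sshd_config" > "$CHANGELIST"
}

# Name of the saved copy for a path. The naming is an assumption of this
# example, not the real layout of /var/backups.
backup_for() {
    printf '%s/%s.current\n' "$BACKUPS" "$(printf '%s' "$1" | sed 's,/,_,g')"
}

# One security(8)-style pass over the changelist: writes the diffs to $REPORT
# and prints the number of files that produced a diff.
run_changelist_check() {
    reported=0
    : > "$REPORT"
    # No changelist installed means nothing is watched, hence no diffs at all.
    [ -f "$CHANGELIST" ] || { echo 0; return 0; }
    while IFS= read -r file; do
        [ -f "$file" ] || continue          # listed but absent: nothing to compare
        backup=$(backup_for "$file")
        if [ -f "$backup" ]; then
            reference="$backup"
        else
            reference=/dev/null             # first sighting: whole file reported as new
        fi
        if ! diff -u "$reference" "$file" >> "$REPORT"; then
            reported=$((reported + 1))
        fi
        cp "$file" "$backup"                # becomes the reference for the next run
    done < "$CHANGELIST"
    echo "$reported"
}

# Stand-alone demo: the noisy first run, a quiet second run, then one edit.
setup_sandbox
echo "first run: $(run_changelist_check) file(s) reported"; cat "$REPORT"
echo "second run: $(run_changelist_check) file(s) reported"
printf 'wheel:*:0:root,joel\n' > "$ETC/group"
echo "after editing group: $(run_changelist_check) file(s) reported"; cat "$REPORT"
rm -rf "$ROOT"
```

Run it with sh. The first pass reports both files with a "--- /dev/null" header, exactly the shape of the diffs Joel was looking at; the second pass reports nothing; after the edit to group only that one file shows up, which is the "messed with a configuration file and forgot" case Joachim mentions. Deleting the changelist makes the pass report nothing at all, which is Ingo's point about /etc/changelist.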