Bug#352337: [Logcheck-devel] Bug#352337: please tighten permissions on /etc/logcheck
Jamie L. Penman-Smithson
jamie at silverdream.org
Wed Feb 15 11:49:19 UTC 2006
On 14 Feb 2006, at 08:58, martin f krafft wrote:
> also sprach Jamie L. Penman-Smithson <jamie at silverdream.org>
> [2006.02.13.0042 +0100]:
>>> I see no reason why /etc/logcheck should have any more permissions
>>> than 0750. Please consider removing access rights from 'other'.
>>
>> Conversely, I don't see much point in being this restrictive?
>
> For a fact, some packages install 644 files:
>
> root at sarge:/etc/logcheck# ls -la ignore.d.server/ntp-server
> -rw-r--r-- 1 root root 45 Aug 26 10:30 ignore.d.server/ntp-server
>
> By making /etc/logcheck 750, those could be protected, and it would
> be unnecessary to file bugs against all packages installing 644
> logcheck files.
However, ignore.d.* is only accessible by root and users in the
logcheck group:
drwxr-s--- 2 root logcheck 608 2006-02-06 22:53 ignore.d.paranoid
drwxr-s--- 2 root logcheck 2808 2006-02-12 23:56 ignore.d.server
drwxr-s--- 2 root logcheck 896 2006-02-10 20:15 ignore.d.workstation
It looks to me like they're already protected?
--
-Jamie L. Penman-Smithson <jamie at silverdream.org>
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: oubliette.z at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060215/99adccb4/attachment.pgp
More information about the Logcheck-devel
mailing list