On Wednesday 03 October 2018 00:48:28 Nathan Stratton Treadway wrote: > On Tue, Oct 02, 2018 at 19:19:03 -0400, Gene Heskett wrote: > > ERROR: picnc: selfcheck request failed: file/dir '/usr/local/etc' > > (/usr/local/etc/amanda-security.conf) is writable by the group > > Client check: 5 hosts checked in 11.353 seconds. 5 problems found. > > (brought to you by Amanda 3.5.1) > > > > Everything in the src build dir and below is owned by amanda:disk, > > actually built by amanda in the /home/amanda directory, same as I > > have always done it. > > > > An ls -l of /usr/local shows etc is owned by root:staff. > > > > And amanda is not the only user of that etc directory. > > (Sorry, didn't see this particular message until after replying to the > one you sent at 21:43...) > > The question is "does the 'staff' group really need write permissions > on /usr/local/etc/ ?" > > Assuming not, the easy solution is to remove group-write permission > from the directory. > > (If you actually do have non-root members of "staff" writing to that > directory in your environment [or to /usr/local/, etc.], you may need > to move the amanda-security.conf file to a different, amanda-specific > path -- e.g. by tweaking your build script to pass > --with-security-file to configure.) > > Nathan > I had to back out to local, removing group perms, but once I did that to local, makes it look like: drw-r-Sr-x 15 root staff 4096 Jun 28 2017 local
the error messages changed to ERROR: coyote: selfcheck request failed: No defined tcp_port_range in '/usr/local/etc/amanda-security.conf' ERROR: shop: selfcheck request failed: No defined tcp_port_range in '/usr/local/etc/amanda-security.conf' ERROR: lathe: selfcheck request failed: No defined tcp_port_range in '/usr/local/etc/amanda-security.conf' ERROR: GO704: selfcheck request failed: No defined tcp_port_range in '/usr/local/etc/amanda-security.conf' ERROR: picnc: selfcheck request failed: No defined tcp_port_range in '/usr/local/etc/amanda-security.conf' Which sounds just as serious. Is there no end to this so-called security fix? Thanks Nathan. -- Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
