Hi there,

On Sun, 22 Jan 2012, Stephen Butler wrote:

Hi all,

I've been reading through the clamav docs and found this section triggered a few questions.

http://www.clamav.net/doc/latest/html/node24.html

# touch /var/log/freshclam.log
# chmod 600 /var/log/freshclam.log
# chown clamav /var/log/freshclam.log

I noticed that after setting these permissions on the file, I could no longer view the freshclam.log file as my normal user.

Should I use this ownership/permissions combination on all the following files/folders and use sudo if I need to do anything to them?

- /usr/local/etc/clamd.conf
- /usr/local/etc/freshclam.conf
- /var/log/clamd.log
- /var/log/freshclam.log
- /var/lib/clamav <-- The database dir

These ownership/permissions are a security precaution, right?

Thanks,
Your mail is quoted above exactly as it arrived. If you see what I see, as you can see it's a little difficult to parse. Hopefully you can figure out why and send something easier to read next time. :)

You have included '/var/log/freshclam.log' in your question, although the answer must be clear from what you have written yourself. You noticed that, when you removed permission to read the file, the operating system would not allow it to be read. No surprise there. :)

ClamAV is related to security, so there's good reason to consider security in its application. However you should not just invent changes to permissions to random files that aren't suggested in the documentation. You would do better to read about security principles in general. Consider what are the risks to your particular installation (you know a lot more about it than anyone here) and how you should go about protecting it based on your unique knowledge.

Log files generally, and mail log files in particular, might possibly contain sensitive and/or personal information, so they would generally be made readable only by administrative users. Configuration files in many cases will contain little, if any, sensitive information, although there are many notable exceptions. For databases it's impossible to generalize. Some will contain sensitive information and some won't.

As you have told us nothing at all about your installation, it is difficult to offer much more specific advice. Personally, I don't take a lot of trouble to minimize the number of users who have read permission on any ClamAV database directory for which I'm responsible. The very few users who have access to those machines are trusted. There's little in there that can't be found in many places on the Internet, and the only useful information that might be gained by someone with malicious intent is that the database contains as many signatures as I can find and they're kept up to date.

The only real downside that springs immediately to mind is that this knowledge might allow an attacker to avoid wasting some of her time, although I suppose she might just be waiting for a 0-day vulnerability and want to know the time window likely to be available to her for an attack. That's assuming that my attacker has already breached the security of the machine in question in order to read *any* of the files on it, in which case all bets are off anyway.

--
73,
Ged.
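As an added illustration (not part of the thread, and not ClamAV's own tooling): a small POSIX shell audit that reports, for each of the paths Stephen listed, who owns it and how widely it is readable, flagging only log files that are readable beyond their owner, since those are the ones the reply singles out as likely to hold personal data. The paths are assumed to match Stephen's installation; `stat -c` (GNU) is tried first with a BSD `stat -f` fallback.

```shell
#!/bin/sh
# Added example: audit read exposure of the ClamAV files from the question.
# Nothing here changes permissions; it only reports so the admin can decide per file.

# Last three octal permission digits of a file (GNU stat, then BSD stat fallback).
file_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || mode=$(stat -f '%Lp' "$1" 2>/dev/null) || return 1
    printf '%s\n' "${mode#"${mode%???}"}"
}

# Classify who can read the file: owner-only, group, or world ("missing" if absent).
read_exposure() {
    m=$(file_mode "$1") || { echo "missing"; return 1; }
    o=${m#??}              # last digit: other
    g=${m%?}; g=${g#?}     # middle digit: group
    if   [ $((o & 4)) -ne 0 ]; then echo "world"
    elif [ $((g & 4)) -ne 0 ]; then echo "group"
    else echo "owner-only"; fi
}

# One report line per path. Log files are expected to be owner-only (they may
# contain personal data); for configs and the database dir the exposure is only
# reported, because whether it matters depends on the installation.
audit_clamav_files() {
    for f in "$@"; do
        e=$(read_exposure "$f") || { echo "$f: missing"; continue; }
        owner=$(stat -c '%U' "$f" 2>/dev/null || stat -f '%Su' "$f")
        case "$f" in
            */log/*) if [ "$e" = "owner-only" ]; then v="ok"; else v="REVIEW: log readable beyond owner"; fi ;;
            *)       v="informational" ;;
        esac
        echo "$f: owner=$owner read=$e $v"
    done
}

# Paths as listed in the original question; adjust for your installation.
audit_clamav_files /usr/local/etc/clamd.conf /usr/local/etc/freshclam.conf \
    /var/log/clamd.log /var/log/freshclam.log /var/lib/clamav
```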
