As far as I know, msec will change permissions on files and directories (based on the level you've chosen), but doesn't actually remove any files. When it runs, it looks for various types of files, such as the suid files mentioned below, and writes a list of them in /var/log/security/suid_xxx.today (where the "xxx" is one of several values, depending on the test). After finding all the "interesting" stuff for today, it compares to the "interesting" stuff from yesterday and sends the email.
The message below indicates that files present yesterday are no longer present today. msec has no information as to _who_ removed (or added) files. Your guess about removing package gnome-games is undoubtedly the answer.

One of msec's tasks is to detect "interesting" changes in a system. It is up to you, the system owner/administrator, to explain the reported changes and decide if they are significant or not.

Good luck!

David

At 02:50 PM 8/17/02, Liam Quin wrote:
>root got email saying...
>
>Security Warning: Changes in Suid Group files found :
> - Removed suid group files : /usr/bin/glines
> - Removed suid group files : /usr/bin/gnibbles
> - Removed suid group files : /usr/bin/gnobots2
> - Removed suid group files : /usr/bin/gnome-stones
> - Removed suid group files : /usr/bin/gnometris
> - Removed suid group files : /usr/bin/gnomine
> - Removed suid group files : /usr/bin/gnotravex
> - Removed suid group files : /usr/bin/gnotski
> - Removed suid group files : /usr/bin/gtali
> - Removed suid group files : /usr/bin/iagno
> - Removed suid group files : /usr/bin/mahjongg
> - Removed suid group files : /usr/bin/same-gnome
>
>Either it means msec (did msec send this mail? It should say but
>doesn't) removed the files, or it's reporting that files were
>removed, but I am not sure which as I had to remove gnome-games to
>upgrade drakconf.
>
>If it means
> msec removed the following files
>please make it say that. Then, stop it from removing files.
>
>If it means,
> msec noticed the following files, which had been suid group,
> are no longer present:
>then make it say that.
>
>Thanks,
>
>Liam
>
>--
>Liam Quin, W3C XML Activity Lead, [EMAIL PROTECTED]
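
The day-over-day comparison described in the reply above, as an added sketch that is not part of the original thread and is not msec's own code: it lists set-group-ID files, then diffs yesterday's sorted list against today's. The function names, the temporary file names and the "Added" wording are assumptions; the "Removed" wording follows the quoted mail.

```shell
#!/bin/sh
# Added illustration, not msec's implementation.

# List set-group-ID regular files under directory $1, sorted for comm(1).
list_sgid() {
    find "$1" -xdev -type f -perm -2000 2>/dev/null | LC_ALL=C sort
}

# Compare yesterday's list ($1) with today's list ($2).
# Both files must be sorted in the C locale. The report can only say that
# an entry appeared or disappeared; it cannot say who or what changed it.
report_changes() {
    # Lines only in today's list: newly appeared files (wording assumed).
    LC_ALL=C comm -13 "$1" "$2" | sed 's|^| - Added suid group files : |'
    # Lines only in yesterday's list: files no longer present (or no longer setgid).
    LC_ALL=C comm -23 "$1" "$2" | sed 's|^| - Removed suid group files : |'
}

# Demo on constructed lists: two games vanish after a package removal,
# one unrelated setgid binary stays and is therefore not reported.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' /usr/bin/glines /usr/bin/gnibbles /usr/bin/write \
        | LC_ALL=C sort > "$tmp/sgid.yesterday"
    printf '%s\n' /usr/bin/write | LC_ALL=C sort > "$tmp/sgid.today"
    report_changes "$tmp/sgid.yesterday" "$tmp/sgid.today"
    rm -rf "$tmp"
}

demo
```

On a real system, `list_sgid / > sgid.today` would produce the daily list; a "Removed" line means only that the path dropped out of it, which matches a package uninstall as well as a permission change.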
