http://qa.mandrakesoft.com/show_bug.cgi?id=1739
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |major
Priority|P2 |P1
Platform|Other |PC
------- Additional Comments From [EMAIL PROTECTED] 2003-03-07 11:57 -------
after setting check_promisc to 0 in /etc/security/msec/level.local
and running msec
Mar 7 11:43:00 spirit CROND[4154]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Mar 7 11:44:00 spirit CROND[4185]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Mar 7 11:45:00 spirit CROND[4208]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Mar 7 11:46:00 spirit CROND[4228]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Mar 7 11:47:00 spirit CROND[4243]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Mar 7 11:48:00 spirit CROND[4275]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Mar 7 11:48:32 spirit msec: ### Program is starting ###
Mar 7 11:48:32 spirit msec: Reading local rules from
/etc/security/msec/level.local
Mar 7 11:48:33 spirit msec: Forbidding the X server to listen to tcp
connection
Mar 7 11:48:33 spirit msec: Allowing chkconfig --add from rpm
Mar 7 11:48:33 spirit msec: Setting password maximum aging for new
user to 180
Mar 7 11:48:33 spirit msec: Setting password maximum aging for root
and users with id greater than 500 to 180 and delay to 10 days
Mar 7 11:48:33 spirit msec: User root in password aging exception list
Mar 7 11:48:33 spirit msec: User pascal in password aging exception
list
Mar 7 11:48:33 spirit msec: Allowing reboot to the console user
Mar 7 11:48:33 spirit msec: Writing config files and then taking needed
actions
Mar 7 11:48:33 spirit msec: Fixing owners and permissions of files and
directories
Mar 7 11:48:33 spirit msec: Reading data from /usr/share/msec/perm.3
Mar 7 11:48:33 spirit msec: Reading data from
/etc/security/msec/perm.local
Mar 7 11:49:00 spirit CROND[4303]: (root) CMD (
/usr/share/msec/promisc_check.sh)
check promisc still in effet !
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: UNCONFIRMED
creation_date:
description:
# ls -l /etc/cron.d/msec
-rw-r--r-- 1 root root 56 f�v 5 10:01 /etc/cron.d/msec
[EMAIL PROTECTED] root]# cat /etc/cron.d
cron.d cron.daily
[EMAIL PROTECTED] root]# cat /etc/cron.d/msec
*/1 * * * * root /usr/share/msec/promisc_check.sh
[EMAIL PROTECTED] root]# cat /etc/security/msec/
level.local perm.local security.conf server.4 server.5
[EMAIL PROTECTED] root]# cat /etc/security/msec/se
security.conf server.4 server.5
[EMAIL PROTECTED] root]# cat /etc/security/msec/security.conf
TTY_WARN=no
SYSLOG_WARN=no
MAIL_WARN=yes
MAIL_USER=root
CHECK_UNOWNED=yes
CHECK_SHADOW=yes
CHECK_SUID_MD5=yes
CHECK_SECURITY=yes
CHECK_PASSWD=yes
CHECK_SUID_ROOT=yes
CHECK_PERMS=yes
CHECK_PROMISC=yes
CHECK_WRITABLE=yes
CHECK_OPEN_PORT=yes
CHECK_SGID=yes
CHKROOTKIT_CHECK=yes
RPM_CHECK=yes
[EMAIL PROTECTED] root]# vi /etc/security/msec/security.conf
[EMAIL PROTECTED] root]# cat /etc/security/msec/security.conf
TTY_WARN=no
SYSLOG_WARN=no
MAIL_WARN=yes
MAIL_USER=root
CHECK_UNOWNED=yes
CHECK_SHADOW=yes
CHECK_SUID_MD5=yes
CHECK_SECURITY=yes
CHECK_PASSWD=yes
CHECK_SUID_ROOT=yes
CHECK_PERMS=yes
CHECK_PROMISC=no
CHECK_WRITABLE=yes
CHECK_OPEN_PORT=yes
CHECK_SGID=yes
CHKROOTKIT_CHECK=yes
RPM_CHECK=yes
[EMAIL PROTECTED] root]# msec
[EMAIL PROTECTED] root]# cat /etc/security/msec/security.conf
TTY_WARN=no
SYSLOG_WARN=no
MAIL_WARN=yes
MAIL_USER=root
CHECK_UNOWNED=yes
CHECK_SHADOW=yes
CHECK_SUID_MD5=yes
CHECK_SECURITY=yes
CHECK_PASSWD=yes
CHECK_SUID_ROOT=yes
CHECK_PERMS=yes
CHECK_PROMISC=no
CHECK_WRITABLE=yes
CHECK_OPEN_PORT=yes
CHECK_SGID=yes
CHKROOTKIT_CHECK=yes
RPM_CHECK=yes
[EMAIL PROTECTED] root]# cat /etc/cron.d/msec
*/1 * * * * root /usr/share/msec/promisc_check.sh
[EMAIL PROTECTED] root]# ls -l /etc/cron.d/msec
-rw-r--r-- 1 root root 56 f�v 5 10:01 /etc/cron.d/msec
[EMAIL PROTECTED] root]#
the cron job has not been removed !
