I've secured my system by using RSBAC and gave daemons only minimum required rights::
Dec 30 07:53:34 geht-schon kernel: check_comp_rc(): pid 5244 (dbmail-lmtpd), owner 102, rc_role 70, FILE rc_type 4, request EXECUTE -> NOT_GRANTED! Dec 30 07:53:34 geht-schon kernel: rsbac_adf_request(): request EXECUTE, pid 5244, ppid 24743, prog_name dbmail-lmtpd, uid 102, target_type FILE, tid Device 09:01 Inode 32380 Path /bin/bash, attr none, value 0, result NOT_GRANTED by RC dbmail-lmtpd tries to execute /bin/bash ?? Why? There's nothing special in the logs: Dec 30 07:53:33 geht-schon dbmail/lmtpd[24743]: PerformChildTask(): incoming connection from [127.0.0.1 (localhost)] Dec 30 07:53:34 geht-schon dbmail/lmtpd[24743]: sort.c, sort_and_deliver: message id=331614, size=1545 is inserted Dec 30 07:53:34 geht-schon dbmail/lmtpd[24743]: pool.c,child_unregister: child [24743] unregistered That happens frequently, for every 50th-100th message that is inserted. Execution of /bin/bash was denied but everything worked fine I think. Thomas -- http://www.tmueller.com for pgp key (95702B3B)
