Package: osirisd Version: 2.0.6-1 Severity: high osirisd's init.d script does a --chuid=osirisd. This means that it is unable to scan quite a few directories or watch for changes on secure files - precisely those files that need watching!
I only discovered this when I was investigating why certain files were not being monitored :-( osirisd has privilege seperation. I don't mind the ability to run entirely as osirisd, however it should default to running as root to avoid any nasty suprises. Severity set to high since this has major security implications IMO. Thanks, Adrian (a very happy osiris user after fighting samhain) -- Email: [EMAIL PROTECTED] -*- GPG key available on public key servers Debian GNU/Linux - the maintainable distribution -*- www.debian.org Avoid working with children, animals and Microsoft "operating" systems -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
