https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178005

Michael Grimm <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Michael Grimm <[email protected]> ---
Hi,

you'll find a new 101.newchksetuid attached that more or less does what you
propose:

# modifications to default /etc/periodic/security/100.chksetuid:
#
#  () detect modifications in file permissions, only
#  () new function check_diff_chksetuid is used to do comparisons
#  () check_diff_chksetuid should be added to
#       /etc/periodic/security/security.functions after acceptance
#
#  [] thus, only modifications of setuid permission will be reported
#  [] this will reduce unnecessary noise in daily security mails,
#     significantly
#
# put this file into: /etc/periodic/security/
#
# add to periodic.conf:
#   security_status_newchksetuid_enable="YES"
#   security_status_newchksetuid_period="daily"
#   security_status_chksetuid_enable="NO"

The new check_diff_chksetuid uses awk to compare only the file permission
columns, but reports the complete 'ls' line.

I do have this running for a while now and didn't find a bug, yet.

Possible actions:

1) add 101.newchksetuid as an alternative as is
2) add 101.newchksetuid as an alternative *and* add check_diff_chksetuid to
security.functions
3) patch 100.chksetuid *and* add check_diff_chksetuid to security.functions

If one decides for 2) or 3), please let me know. I will prepare the appropriate
patches, then.

Regards,
Michael
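
The comparison described in the comment above (match on the permission column only, report the complete 'ls' line) can be written as follows. This is an added example, not the check_diff_chksetuid attached to this PR and not FreeBSD's own code; the `ls -liTd` column layout, the names perm_diff and demo, and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; NOT the check_diff_chksetuid attached to the PR.
# Assumed input layout (ls -liTd):
#   inode mode links owner group size month day time year path

# perm_diff OLD NEW
# Report entries whose mode column changed, plus entries that appeared or
# vanished. Changes confined to inode, size or timestamp stay silent.
perm_diff() {
    awk '
    # The path is field 11 onward, so names containing spaces stay intact.
    function path(   i, p) {
        p = $11
        for (i = 12; i <= NF; i++) p = p " " $i
        return p
    }
    # Keyed on the file name, so an empty OLD listing is handled correctly.
    FILENAME == ARGV[1] { p = path(); mode[p] = $2; line[p] = $0; next }
    {
        p = path(); seen[p] = 1
        if (!(p in mode))        print "+ " $0
        else if (mode[p] != $2) { print "- " line[p]; print "+ " $0 }
    }
    END { for (p in mode) if (!(p in seen)) print "- " line[p] }
    ' "$1" "$2"
}

# Constructed sample listings (not real system output).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/old" <<'EOF'
1001 -r-sr-xr-x 1 root wheel 8200 Jan  5 10:00:00 2013 /usr/bin/passwd
1002 -r-xr-sr-x 1 root tty 9100 Jan  5 10:00:00 2013 /usr/bin/write
1003 -r-sr-xr-x 1 root wheel 7000 Jan  5 10:00:00 2013 /usr/bin/su
EOF
    cat > "$d/new" <<'EOF'
1001 -r-sr-xr-x 1 root wheel 8344 Apr 20 03:01:00 2013 /usr/bin/passwd
1002 -rwxr-sr-x 1 root tty 9100 Jan  5 10:00:00 2013 /usr/bin/write
1004 -rwsr-xr-x 1 root wheel 5000 Apr 20 03:01:00 2013 /usr/local/bin/my tool
EOF
    perm_diff "$d/old" "$d/new"
    rm -rf "$d"
}

demo
```

The passwd entry differs only in size and timestamp and is not reported, which is the noise reduction the comment describes; the write, my tool and su entries are reported with their full lines.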
