right, and my point is not that there is a problem with the compliance check that says "hey, you have two uid 0 accounts" (that one is quite correct in this regard) but rather when presented with 2 uid 0 accounts, it misassigns the owner of the file. In fact, it chooses to view the ownership of the file as wrong, even though it is quite correct, even though it gets the info from the file _as a numeric uid_. I would say that 1 duplicate uid 0 account is worth 1 compliance hit, not 60 (one per log in /var/log, for instance). Yes, I'm sure that someone will find value in having it go crazy ringing alarm bells and whistles, but I think it's rather inaccurate for an audit.
Of course, you might also change the audit to look for "myroot", which in fact could produce false negatives (non-root level ownership, for instance, if myroot was not in fact uid 0).

So, yes the horse I rode in on is half lame, but that doesn't mean that the saddle ain't broke :)

On Mon, Jun 2, 2008 at 1:55 PM, Paul Davis <[EMAIL PROTECTED]> wrote:
> Doug,
>
> Actually, Renaud brings up a great point, the configuration in question is
> definitely not compliant and goes against good security practices..
> I'll defer to Renaud...
>
> Renaud Deraison (lists) wrote:
> > On Jun 2, 2008, at 8:22 PM, Doug Nordwall wrote:
> >
> >> so, we have boxes (many) with 2 UID 0 accounts.
> >
> > Stop right here. This goes against every Unix administrative best
> > practices playbook which clearly says that each user should have its
> > own UID. Why do you have such a setup?
> >
> >
> > -- Renaud
> > _______________________________________________
> > Nessus mailing list
> > [email protected]
> > http://mail.nessus.org/mailman/listinfo/nessus
> >
>
> --
> Best Regards,
>
> Paul Davis
> Research Engineer
> Tenable Network Security Inc
> Phone: 410.872.0555
> www.tenablesecurity.com
>
> Is your network TENABLE?

--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
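An added example, not part of the original thread and not Nessus code: it contrasts an ownership audit that compares owner names with one that compares numeric uids, and reports a duplicated uid as a single finding. The passwd lines, file paths and function names are constructed for illustration, and the name-based check assumes a uid is reverse-mapped to the first matching passwd entry.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): passwd lines with two uid 0
# accounts, and the numeric owner uid of each file as stat() would report it.
PASSWD = """\
myroot:x:0:0:second superuser:/root:/bin/sh
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
FILE_OWNERS = {"/var/log/messages": 0, "/var/log/secure": 0,
               "/var/log/cron": 0, "/var/log/daemon.log": 1}

def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        entries.append((fields[0], int(fields[2])))
    return entries

def duplicate_uids(entries):
    """Map each shared uid to its account names: one finding per uid."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def owner_findings_by_name(entries, owners, expected_name):
    """Name-based check: map uid to the first matching name, compare strings."""
    first_name = {}
    for name, uid in entries:
        first_name.setdefault(uid, name)  # assumption: first entry wins
    return [p for p, uid in owners.items() if first_name.get(uid) != expected_name]

def owner_findings_by_uid(entries, owners, expected_name):
    """uid-based check: resolve the expected name once, compare numbers."""
    expected_uid = dict(entries)[expected_name]
    return [p for p, uid in owners.items() if uid != expected_uid]

ENTRIES = parse_passwd(PASSWD)

if __name__ == "__main__":
    print("duplicate uids:", duplicate_uids(ENTRIES))
    print("by name:", owner_findings_by_name(ENTRIES, FILE_OWNERS, "root"))
    print("by uid: ", owner_findings_by_uid(ENTRIES, FILE_OWNERS, "root"))
```

With this data the name-based check flags every uid 0 file as well as the one file that really is owned by another uid, while the uid-based check flags only that file and the duplicate account shows up once.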
