Thanks, Vijay. Thatâs exactly what I couldnât find in the documentation.
(Now that I know what to look for, I see the line in security(8)âs manpage
that I overlooked.)
CCâing list to help the next person with this questionâ¦
-Aadm
From: Vijay Sankar [mailto:vsan...@foretell.ca]
Sent: October 6, 2016 10:20
To: Adam Thompson <athom...@athompso.net>
Subject: Re: security(8) question - how to skip a single file?
Hi Adam,
Not replying to list in case I did not understand the question.
I have the following towards the end of /etc/changelist
.
.
.
/var/nsd/etc/nsd.conf
# /var/unbound/etc/root.key
/var/unbound/etc/unbound.conf
/var/yp/Makefile.main
/var/yp/Makefile.yp
Is that what you are looking for?
Vijay
Quoting Adam Thompson <athom...@athompso.net <mailto:athom...@athompso.net>
>:
I have RTFMed and googled, but I still canââ¬â¢t figure out how to do one
simple
thing: make security(8) ignore a single file that changes on a daily basis,
where that file is otherwise monitored due to /etc/mtree/4.4BSD.dist.
The file in question is /var/unbound/db/root.key, which I have auto-updating.
Yes, I understand why this file is important, but on this particular system,
being lulled into complacency by a daily false-positive security(8) report is
more of a danger than someone managing to hack the root DNS key.
Suggestions or pointers or interpretation of the docs appreciated.
Thanks,
-Adam
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca
<https://server3.foretell.ca/post/imp/dynamic.php?page=mailbox>