Hi, a recent inquiry by a user reminded me that the security(8) manual is trying to explain the tool's limitations, but rather muddling the point.
So here is an attempt to better explain what's wrong with it. OK? Ingo Index: security.8 =================================================================== RCS file: /cvs/src/share/man/man8/security.8,v retrieving revision 1.21 diff -u -r1.21 security.8 --- security.8 8 Jul 2012 21:48:38 -0000 1.21 +++ security.8 12 Aug 2012 09:49:09 -0000 @@ -14,7 +14,9 @@ .Nm is a command script that examines the system for some signs of security weaknesses. -It is only a security aid and does not offer complete protection. +It cannot be used for intrusion detection; see the +.Sx BUGS +section for details. .Nm is run by .Xr daily 8 , @@ -112,10 +114,6 @@ .Xr hostname.if 5 file permissions. .El -.Pp -The intent of the -.Nm -script is to point out some obvious holes to the system administrator. .Sh ENVIRONMENT The following variables can be set in .Pa /etc/daily.local : @@ -156,7 +154,26 @@ .Sh BUGS The name of this script may provide a false sense of .Nm security . -.\" Well, I thought it was amusing. .Pp There are perhaps an infinite number of ways the system can be compromised without this script noticing. +.Pp +Intrusion detection and file integrity checking require that both +the file checksums and the tools for comparing the checksums +are stored on a storage medium that is +.Em physically +separate from the machine to be checked +and only mounted by the administrator, with +.Em physical +write protection, while performing the routine comparisons. +Otherwise, an intruder obtaining root permissions is able +to manipulate the checksums and/or the comparison tools +to render the checking ineffective and maintain his illicit access. +.Pp +The +.Nm +script stores both the checksums and the checking tools +on the system itself, without sufficient write protection, +so it doesn't provide intrusion detection. +It is merely a security aid to draw the administrator's attention +to some obvious administration mistakes.
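Review bot: in the first hunk (@@ -14,7), replacing "It is only a security aid and does not offer complete protection." with a sentence solely about intrusion detection narrows the caveat in DESCRIPTION; the removed sentence covered the general limitation, and the new BUGS text itself still calls the script "merely a security aid". Consider keeping the general statement next to the pointer, e.g. "It is only a security aid and, in particular, cannot be used for intrusion detection; see the .Sx BUGS section for details."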
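Review bot: the second hunk (@@ -112,10) deletes the only statement of the script's purpose from DESCRIPTION ("The intent of the .Nm script is to point out some obvious holes to the system administrator.") and its replacement ends up in BUGS at the end of the page. A reader checking what the script is for looks in DESCRIPTION, not BUGS; consider keeping a one-sentence statement of intent there and leaving BUGS to explain why that intent does not amount to intrusion detection.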
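Review bot: the condition stated in the third hunk (@@ -156,7), that both checksums and comparison tools live on a physically separate, write-protected medium, is necessary but not sufficient: the comparison still runs under the kernel and libraries of the machine being checked, so an intruder with root who has modified the running kernel can make the checking tools see unmodified file contents no matter where the tools are stored. Consider adding that the routine comparisons must also be run from a trusted boot medium, or at least naming this as a further limitation next to "Otherwise, an intruder obtaining root permissions is able to manipulate the checksums and/or the comparison tools". Separately, "and/or" and "his illicit access" read awkwardly in manual prose; "or" and "the intruder's access" would be cleaner.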
