Improvements to seccheck

Improvements to seccheck

Michael James
Who is looking after seccheck these days?

The header says:
  Daily security check v2.0 by Marc Heuse <[hidden email]>

But I sent an email to him and it bounced. Has he moved on?


Here's what I am suggesting:

The seccheck scripts provide some interesting reading
 for the systems administrator, pointers for tightening things etc.

But I get pages of false positives from the writeable,
 executable, and suid parts of the script.

You see some partitions on my disks contain
 regular rsync-ed backups of other machines,
 including machines not under my control.

To protect my machine, backup partitions are mounted  noexec,nosuid.

When your scripts get the list of mounts they take no account of this.

Would it be an improvement to split your $MNT list into 3?

Say:   $MNT_WRITE  $MNT_EXEC  $MNT_SUID

This would allow the find to only be fired into
 the branches of the filesystem where the permissions matter.

I'd be happy to work out and suggest some patches,
 but if you think it better left simple, I won't bother you...

michaelj

--
Michael James                         [hidden email]
System Administrator                    voice:  02 6246 5040
CSIRO Bioinformatics Facility             fax:  02 6246 5166

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here
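
A sketch of the three-way split proposed in the message above, added here as an illustration; it is not code from seccheck or from either poster. The function names, the constructed mount table, the list of skipped filesystem types and the mapping of `ro`, `noexec` and `nosuid` onto the three lists are assumptions.

```shell
#!/bin/sh
# Added example; not taken from seccheck itself.

# Constructed sample in /proc/mounts format: two local filesystems, two
# backup partitions mounted noexec,nosuid, one read-only mount, one pseudo fs.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,acl,user_xattr 0 0
proc /proc proc rw 0 0
/dev/sda2 /home ext3 rw,nosuid 0 0
/dev/sdb1 /backup/hostA ext3 rw,noexec,nosuid 0 0
/dev/sdb2 /backup/hostB ext3 rw,noexec,nosuid,nodev 0 0
/dev/sdc1 /srv/ro ext3 ro 0 0
EOF
}

# split_mounts [FILE]: fill MNT_WRITE, MNT_EXEC and MNT_SUID from FILE
# (default /proc/mounts). A mount point is left out of a list when its
# options make that check moot: ro, noexec, nosuid respectively.
split_mounts() {
    MNT_WRITE="" MNT_EXEC="" MNT_SUID=""
    while read -r _dev mnt fstype opts _rest; do
        # Assumed policy: skip pseudo and network filesystems.
        case "$fstype" in
            proc|sysfs|devpts|tmpfs|devtmpfs|nfs|nfs4|cifs|smbfs) continue ;;
        esac
        o=",$opts,"   # comma-wrap so "ro" cannot match inside another option
        case "$o" in *,ro,*) ;;     *) MNT_WRITE="$MNT_WRITE $mnt" ;; esac
        case "$o" in *,noexec,*) ;; *) MNT_EXEC="$MNT_EXEC $mnt" ;; esac
        case "$o" in *,nosuid,*) ;; *) MNT_SUID="$MNT_SUID $mnt" ;; esac
    done < "${1:-/proc/mounts}"
    MNT_WRITE=${MNT_WRITE# }; MNT_EXEC=${MNT_EXEC# }; MNT_SUID=${MNT_SUID# }
}

# suid_scan: list setuid/setgid files, only where the suid bit is honoured.
# -xdev keeps find from descending into other mounts (e.g. the backups).
suid_scan() {
    [ -n "$MNT_SUID" ] || return 0
    # Word splitting of the list is intended; /proc/mounts escapes spaces.
    # shellcheck disable=SC2086
    find $MNT_SUID -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}
```

With the sample table, the two backup partitions appear only in `MNT_WRITE`, so the executable and suid scans never walk the rsync-ed trees.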


Re: Improvements to seccheck

Thomas Biege
On Thu, Sep 21, 2006 at 09:38:21AM +1000, Michael James wrote:
> Who is looking after seccheck these days?
>
> The header says:
>   Daily security check v2.0 by Marc Heuse <[hidden email]>
>
> But I sent an email to him and it bounced. Has he moved on?

He officially left SUSE several years ago, and somehow I became
the new maintainer. *shrug*



> I'd be happy to work out and suggest some patches,
>  but if you think it better left simple, I won't bother you...

Feel free to write patches. Do you have an account on bugzilla?


--
Bye,
     Thomas
--
 Thomas Biege <[hidden email]>, SUSE LINUX, Security Support & Auditing
--
        "Testing reveals the presence, but not the absence of bugs."
                                        -- Edsger Wybe Dijkstra
