[Bug 207322] New: seccheck improvements
https://bugzilla.novell.com/show_bug.cgi?id=207322

           Summary: seccheck improvements
           Product: openSUSE 10.2
           Version: Alpha 4 plus
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: Other
        AssignedTo: thomas@novell.com
        ReportedBy: thomas@novell.com
         QAContact: qa@suse.de

For me:

From: Michael James <Michael.James@csiro.au>
To: suse-security@suse.com
Date: Thu, 21 Sep 2006 09:38:21 +1000
User-Agent: KMail/1.8
Subject: [suse-security] Improvements to seccheck

Who is looking after seccheck these days?
The header says:
Daily security check v2.0 by Marc Heuse <marc@suse.de>
But I sent an email to him and it bounced.
Has he moved on?

Here's what I am suggesting:

The seccheck scripts provide some interesting reading
for the systems administrator, pointers for tightening things etc.
But I get pages of false positives from the
writeable, executable, and suid parts of the script.

You see, some partitions on my disks contain regular rsync-ed backups
of other machines, including machines not under my control.
To protect my machine, backup partitions are mounted noexec,nosuid.
When your scripts get the list of mounts they take no account of this.

Would it be an improvement to split your $MNT list into 3?
Say: $MNT_WRITE $MNT_EXEC $MNT_SUID
This would allow the find to only be fired into the branches
of the filesystem where the permissions matter.

I'd be happy to work out and suggest some patches,
but if you think it better left simple, I won't bother you...
michaelj

--
Michael James                      michael.james@csiro.au
System Administrator               voice: 02 6246 5040
CSIRO Bioinformatics Facility      fax:   02 6246 5166

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
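
The split proposed in the message above, sketched as an added example; it is not part of the original mail and not seccheck's own code. The helper names `has_opt` and `classify_mounts`, the /proc/mounts input format, the skipped filesystem types and the use of `ro` to exclude mounts from the writable scan are assumptions.

```shell
#!/bin/sh
# Added example, not seccheck's code. classify_mounts and has_opt are
# hypothetical helpers; MNT_WRITE, MNT_EXEC, MNT_SUID are the names from the mail.

# has_opt OPTS NAME: true if NAME is one whole entry of the comma-separated
# option list, so "errors=remount-ro" is not mistaken for "ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads a mount table in /proc/mounts format on stdin and fills three lists.
# Caveat: mount points containing spaces (\040 in /proc/mounts) need extra
# handling and are not covered here.
classify_mounts() {
    MNT_WRITE='' MNT_EXEC='' MNT_SUID=''
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            proc|sysfs|devpts|tmpfs) continue ;;  # assumed skip list
        esac
        # Assumption: a read-only mount needs no writable-file scan.
        has_opt "$opts" ro     || MNT_WRITE="${MNT_WRITE:+$MNT_WRITE }$mnt"
        has_opt "$opts" noexec || MNT_EXEC="${MNT_EXEC:+$MNT_EXEC }$mnt"
        has_opt "$opts" nosuid || MNT_SUID="${MNT_SUID:+$MNT_SUID }$mnt"
    done
}

# Constructed sample mount table (real use: classify_mounts < /proc/mounts).
classify_mounts <<'EOF'
/dev/sda2 / ext3 rw,acl,user_xattr 0 0
proc /proc proc rw 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0
/dev/sdb1 /backup ext3 rw,noexec,nosuid 0 0
/dev/hdc /media/cdrom iso9660 ro,nosuid,nodev 0 0
EOF

echo "MNT_WRITE=$MNT_WRITE"
echo "MNT_EXEC=$MNT_EXEC"
echo "MNT_SUID=$MNT_SUID"
# Each scan then starts only where it matters, e.g. the SUID scan:
#   find $MNT_SUID -xdev -type f -perm -4000
```

With the constructed table, the backup partition mounted noexec,nosuid stays in the writable scan but drops out of the executable and SUID scans.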

https://bugzilla.novell.com/show_bug.cgi?id=207322

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P4 - Low