Bugtraq mailing list archives

Re: Correction: CPSN 9:971208: Solaris /var Permission Problems

From: tep () SDSC EDU (Tom Perrine)
Date: Tue, 13 Jan 1998 14:48:15 -0800

The moving finger of Randy Mikesell, having written:


    Randy> Be careful on what you suggest.  The last I heard, even Sun does not
    Randy> recommend that you run ASET in high.  I know of more than one box that
    Randy> was trashed because the SA set ASET to high.  It is a long and painfull
    Randy> process to restore the system after ASET is finished with it.  It may be
    Randy> better to keep up on the patches and run scripts or other tools to keep
    Randy> track of the permissions.

I highly recommend cfengine (GNU software) to set
owner/group/permissions for such things.  We've been using cfengine to
"repair" vendor file permissions for over a year, as well as install
all kinds of extra software, such as Kerberos, SSH, logdaemon,
tcp_wrappers, etc.

A find followed by a cfengine run is a good idea.  Letting cfengine
run every morning and at every re-boot is a Great Idea.  A
self-healing installation.

--
Tom E. Perrine (tep () SDSC EDU) | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/     | Voice: +1.619.534.5000
I miss my 36-bit friends: Multics, TOPS-10, and TOPS-20.

Current thread:

KSR[T] Advisory #7: filter, (continued)
- - - KSR[T] Advisory #7: filter KSR[T] (Jan 29)
    - Bug in IMail's pop3d32.exe RHS Linux User (Jan 29)
    - Secure Linux patch Solar Designer (Jan 29)
    - Gaining Domain Admins access on LAN (fwd) Weld Pond (Jan 28)
    - GZEXE - the big problem Micha? Zalewski (Jan 28)
  - Re: Xserver stack smashed Rahul Sahadevan (Jan 26)
  - Vulnerability in htmlscript Dennis Moore (Jan 26)
  - ANNOUNCE: Secure Syslog Lucio Torre (Jan 26)
  - Security flaw in htmlscript Joseph Jay Austin (Jan 27)
- Re: Correction: CPSN 9:971208: Solaris /var Permission Problems Randy Mikesell (Jan 13)
  - Re: Correction: CPSN 9:971208: Solaris /var Permission Problems Tom Perrine (Jan 13)