Penguin
Hide Sidebar Hide Ads Recent Changes
Blame: checksecurity(8)
EditPageHistoryDiffInfoLikePages
Annotated edit history of checksecurity(8) version 1 showing authors affecting page license. View with all changes included.
Rev Author # Line
1 perry 1 CHECKSECURITY
2 !!!CHECKSECURITY
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 CONFIGURATION
7 FILES
8 ----
9 !!NAME
10
11
12 checksecurity - check for changes to setuid programs
13 !!SYNOPSIS
14
15
16 __checksecurity__
17 !!DESCRIPTION
18
19
20 The __checksecurity__ command scans the mounted files
21 systems (subject to the filter defined in
22 /etc/checksecurity.conf) and compares the list of setuid
23 programs to the list created on the previous run. Any
24 changes are printed to standard output. Also, it generates a
25 list of ''nfs'' and ''afs'' filesystems that are
26 mounted insecurely (i.e. they are missing the ''nodev''
27 and either the ''noexec'' or ''nosuid''
28 flags).
29
30
31 __checksecurity__ is run by __cron__ on a daily basis,
32 and the output stored in
33 /var/log/setuid.changes.
34 !!CONFIGURATION
35
36
37 The __checksecurity.conf__ file defines several
38 configuration variables: __CHECKSECURITY_FILTER__,
39 __CHECKSECURITY_NOFINDERRORS__,
40 __CHECKSECURITY_DISABLE__, __CHECKSECURITY_NONFSAFS__,
41 __CHECKSECURITY_EMAIL__,
42 __CHECKSECURITY_DEVICEFILTER__,
43 __CHECKSECURITY_PATHFILTER__, and __LOGDIR__. Each is
44 described below.
45
46
47 The __CHECKSECURITY_FILTER__ environment variable which
48 is the argument of 'grep -vE' applied to the output of the
49 __mount__ command. In other words, the value of
50 __CHECKSECURITY_FILTER__ is a regular expression that
51 removes matching lines from those file systems that will be
52 scanned. The default value removes all file systems of type
53 ''proc, msdos, iso9660, ncpfs, nfs, afs, smbfs, auto, ntfs,
54 coda'' file systems, anything mounted on /dev/fd*,
55 anything mounted on /mnt or /amd, and anything mounted with
56 option nosuid or noexec.
57
58
59 The __checksecurity.conf__ file is sourced from
60 __checksecurity,__ so you could do some fairly tricky
61 things to define __CHECKSECURITY_FILTER__.
62
63
64 The __CHECKSECURITY_NOFINDERRORS__ environment variable,
65 if set to the literal
66 __/dev/null__ ).
67
68
69 The __CHECKSECURITY_DISABLE__ environment variable, if
70 set to the literal
71 __
72
73
74 The __CHECKSECURITY_NONFSAFS__ environment variable, if
75 set to the literal
76 __nfs'' and ''afs'' file systems that are
77 mounted without the ''nodev'' and either the
78 ''noexec'' or ''nosuid'' options.
79
80
81 If set, the __CHECKSECURITY_EMAIL__ variable defines who
82 is sent a copy of the setuid.changes file.
83
84
85 The __CHECKSECURITY_DEVICEFILTER__ variable specifies a
86 __find__ clause for which matching block and character
87 device files will not be monitored for changing owners and
88 permissions. For example, if you didn't want to check for
89 permission changes on tty device files beneath /dev, you
90 could set the following:
91
92
93 CHECKSECURITY_DEVICEFILTER='-path /dev/tty*'
94
95
96 Note that any added or modified suid programs under that
97 path would still be detected. If you want to specify
98 multiple expressions, separate them with '-o', but there is
99 no need to surround the whole clause with parentheses. To
100 disable this filter, specify it as
101
102
103 The __CHECKSECURITY_PATHFILTER__ variable specifies a
104 __find__ clause which will be pruned from the search
105 path. __This means that the entire subtree will be
106 completely skipped.__ Thus, specifying
107
108
109 CHECKSECURITY_PATHFILTER='-path /var/ftp'
110
111
112 then the entire /var/ftp tree will be skipped. To disable
113 this filter, specify it as '-false' (which is the
114 default).
115
116
117 __LOGDIR__ sets the name of the directory which stores
118 the files which track the permission and ownership changes.
119 By default, they are in __/var/log__.
120 !!FILES
121
122
123 ''/etc/checksecurity.conf''
124
125
126 checksecurity configuration file
127
128
129 ''/var/log/setuid.today''
130
131
132 setuid files from the most recent run
133
134
135 ''/var/log/setuid.yesterday''
136
137
138 setuid files from the previous run
139 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.