checksecurity(8)
!!!CHECKSECURITY
----
!!NAME
checksecurity - check for changes to setuid programs
!!SYNOPSIS
__checksecurity__
!!DESCRIPTION
The __checksecurity__ command scans the mounted file systems (subject to the filter defined in /etc/checksecurity.conf) and compares the list of setuid programs to the list created on the previous run. Any changes are printed to standard output. It also generates a list of ''nfs'' and ''afs'' file systems that are mounted insecurely (i.e. they are missing the ''nodev'' flag and either the ''noexec'' or ''nosuid'' flag).

__checksecurity__ is run by __cron__ on a daily basis, and the output is stored in /var/log/setuid.changes.
!!CONFIGURATION
The __checksecurity.conf__ file defines several configuration variables: __CHECKSECURITY_FILTER__, __CHECKSECURITY_NOFINDERRORS__, __CHECKSECURITY_DISABLE__, __CHECKSECURITY_NONFSAFS__, __CHECKSECURITY_EMAIL__, __CHECKSECURITY_DEVICEFILTER__, __CHECKSECURITY_PATHFILTER__, and __LOGDIR__. Each is described below.

The __CHECKSECURITY_FILTER__ environment variable is the argument of 'grep -vE' applied to the output of the __mount__ command. In other words, the value of __CHECKSECURITY_FILTER__ is a regular expression, and file systems whose mount lines match it are removed from the set that will be scanned. The default value removes all file systems of type ''proc, msdos, iso9660, ncpfs, nfs, afs, smbfs, auto, ntfs, coda'', anything mounted on /dev/fd*, anything mounted on /mnt or /amd, and anything mounted with the option nosuid or noexec. The __checksecurity.conf__ file is sourced from __checksecurity__, so you could do some fairly tricky things to define __CHECKSECURITY_FILTER__.

The __CHECKSECURITY_NOFINDERRORS__ environment variable, if set to the literal __/dev/null__ ).

The __CHECKSECURITY_DISABLE__ environment variable, if set to the literal __

The __CHECKSECURITY_NONFSAFS__ environment variable, if set to the literal __nfs'' and ''afs'' file systems that are mounted without the ''nodev'' and either the ''noexec'' or ''nosuid'' options.

If set, the __CHECKSECURITY_EMAIL__ variable defines who is sent a copy of the setuid.changes file.

The __CHECKSECURITY_DEVICEFILTER__ variable specifies a __find__ clause; block and character device files that match it will not be monitored for changes of owner and permissions. For example, if you didn't want to check for permission changes on tty device files beneath /dev, you could set the following:

CHECKSECURITY_DEVICEFILTER='-path /dev/tty*'

Note that any added or modified suid programs under that path would still be detected. If you want to specify multiple expressions, separate them with '-o', but there is no need to surround the whole clause with parentheses. To disable this filter, specify it as

The __CHECKSECURITY_PATHFILTER__ variable specifies a __find__ clause which will be pruned from the search path. __This means that the entire subtree will be completely skipped.__ Thus, specifying

CHECKSECURITY_PATHFILTER='-path /var/ftp'

skips the entire /var/ftp tree. To disable this filter, specify it as '-false' (which is the default).

__LOGDIR__ sets the name of the directory which stores the files that track the permission and ownership changes. By default, they are in __/var/log__.
!!FILES
''/etc/checksecurity.conf'' checksecurity configuration file
''/var/log/setuid.today'' setuid files from the most recent run
''/var/log/setuid.yesterday'' setuid files from the previous run
----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.