From: jekillen
Date: Thu, 20 Dec 2007 16:20:32 -0800
To: "Kurt Buff"
Cc: FreeBSD Mailing List
Subject: Re: e-mail to root

On Dec 19, 2007, at 7:30 PM, Kurt Buff wrote:

> On Dec 19, 2007 6:54 PM, jekillen wrote:
>> Hello:
>> Is there a manual or other publication that deals specifically with
>> reading e-mail messages to root for FreeBSD? I have gotten a
>> message:
>>
>> setuid diffs:
>> --- /var/log/setuid.today Sat Sep 8 03:01:34 2007
>> +++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
>>
>> followed by references to various programs
>>
>> then the next segment:
>> Checking for a current audit database:
>>
>> Downloading fresh database.
>> auditfile.tbz 46 kB 42 kBps
>> New database installed.
>> Database created: Wed Dec 19 14:40:00 PST 2007
>>
>> Checking for packages with security vulnerabilities:
>>
>> followed by numerous references to programs and
>> files on the FreeBSD site.
>>
>> and I do not know quite what this means.
>
> It means that you have portaudit installed, and it's run as part of
> the daily scripts. That's a good thing.
>
> I'd recommend consulting the portaudit man page
>
> What it's found are packages on your machine that have security
> bulletins against them - that is, the packages named have
> vulnerabilities known to the FreeBSD Security team, which they believe
> should be patched.
> There's a link to the bulletin for each one - I
> think you'll find it enlightening to read some or all of them.
>
> I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
> to get a current ports tree, then assess, very carefully, what you
> want to upgrade. IMHO all of the packages mentioned should probably
> get upgraded, unless you have *exceptional* reasons not to.
>
> To upgrade you can do 'portupgrade ' for each package
> named, or if you're feeling bold, 'portupgrade -aRr'.
>
>> I know that setuid is cause
>> for concern. I have three other machines with FreeBSD, with one
>> going back over a year of virtually continuous 24/7 operation and
>> this is the first time I have seen this type of message. For the
>> programs reported with security problems it begs the question of
>> dependencies if they are removed or updated. Some references are to
>> cups and fetchmail neither of which I use or have use for, that I am
>> aware of.
>
> Portupgrade will take care of dependencies. No worries, though you
> should also peruse the man page for portupgrade to get your knowledge
> up.
>
>> This particular machine is primarily a web server. It does have
>> Postfix running but just uses local delivery and only listens on
>> private network interface.
>> I am also a little dubious about posting any specifics to a public
>> mailing list.
>> I am admittedly a novice at this (on all my own systems so no one
>> else's behind is on the line). Short of paying consultation fees to
>> someone, this is about the only live contact I have on the subject.
>> Thanks in advance for info:
>
> We were all novices - I still am, in far too many ways. Don't sweat
> it, and keep asking questions. Also, start reading the FreeBSD
> Handbook - it's online, and also downloadable, and covers this very
> topic.
>
> Kurt
>

Thank you kindly for the info; I have been reading the handbook. I have it installed as html on my everyday work machine.
Having a web server on localhost is great. It does cover portupgrade, portsnap, ports and all that, but it was just the e-mails to root that had me confused. Does this also cover the setuid question?
I also have the new Absolute FreeBSD, and the hard copy manual obtained through FreeBSD Mall.

I had a problem with e-mail messages to root some time ago that were showing up every 11 minutes. I looked into crontab and found one script that was set to run every 11 minutes. I opened the script file and read the author's e-mail address and sent him an e-mail on the problem. He responded scolding me for putting commands in rc.conf. Sure enough, though I did not have explicit commands in it, I did have the syntax wrong. Who would have guessed that a script dealing with entropy would complain because of problems with rc.conf? That is an example of a question that might arise that could use some specific coverage in documentation.

Jeff K
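
The two report sections discussed in this thread can be reduced to one line per finding. The following is an added example, not part of the original message and not code from FreeBSD or portaudit; the function names `summarize_security_mail` and `sample_report` are hypothetical, the line layout inside each section is an assumption, and the sample report is constructed.

```shell
# Added example: condense a daily security mail to one line per finding.
# Section titles are those quoted in the message; line layout is assumed.

summarize_security_mail() {
    awk '
        /^setuid diffs:/ { sec = "setuid"; next }
        /^Checking for packages with security vulnerabilities:/ { sec = "audit"; next }
        /^Checking for / { sec = ""; next }
        # diff file headers and hunk markers carry no finding
        sec == "setuid" && /^(---|[+][+][+]|@@)/ { next }
        # last field is taken as the path (assumes no spaces in file names)
        sec == "setuid" && /^[+]/ { added[$NF] = 1; next }
        sec == "setuid" && /^-/   { removed[$NF] = 1; next }
        sec == "audit" && /^Affected package:/ { pkg = $3; next }
        sec == "audit" && /^Reference:/ {
            gsub(/[<>]/, "", $2)
            vuln[++n] = "vulnerable " pkg " " $2
        }
        END {
            for (p in added) {
                kind = (p in removed) ? "setuid-changed" : "setuid-added"
                print kind, p
            }
            for (p in removed)
                if (!(p in added)) print "setuid-removed", p
            for (i = 1; i <= n; i++) print vuln[i]
        }
    '
}

sample_report() {   # constructed input, not taken from a real host
    cat <<'EOF'
setuid diffs:
--- /var/log/setuid.today Sat Sep 8 03:01:34 2007
+++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
@@ -1 +1,2 @@
-111 -r-sr-xr-x 1 root wheel 20000 Sep 1 10:00:00 2007 /usr/local/bin/example-tool
+222 -r-sr-xr-x 1 root wheel 21000 Dec 18 10:00:00 2007 /usr/local/bin/example-tool
+333 -r-sr-xr-x 1 root wheel 5000 Dec 18 11:00:00 2007 /usr/local/bin/new-tool

Checking for packages with security vulnerabilities:
Affected package: example-pkg-1.0
Type of problem: example-pkg -- constructed entry.
Reference: <http://example.invalid/advisory.html>
EOF
}

sample_report | summarize_security_mail
```

Feed it a saved copy of the mail on standard input. A path reported as `setuid-changed` appeared on both a `-` and a `+` line, meaning the same file's listing differs between the two runs, while `setuid-added` marks a path with no earlier entry.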