Date: Thu, 20 Dec 2007 16:20:32 -0800
From: jekillen <jekillen@prodigy.net>
To: "Kurt Buff" <kurt.buff@gmail.com>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: e-mail to root
Message-ID: <b2d89b8e05121098f82288f4b68d12a2@prodigy.net>
In-Reply-To: <a9f4a3860712191930h5c5237e0k966dd3b7ff7ae89c@mail.gmail.com>
References: <e4f5c90ff64ee7b4d210d5597ff25e33@prodigy.net> <a9f4a3860712191930h5c5237e0k966dd3b7ff7ae89c@mail.gmail.com>

On Dec 19, 2007, at 7:30 PM, Kurt Buff wrote:

> On Dec 19, 2007 6:54 PM, jekillen <jekillen@prodigy.net> wrote:
>> Hello:
>> Is there a manual or other publication that deals specifically with
>> reading e-mail messages to root for FreeBSD? I have gotten a
>> message:
>>
>> setuid diffs:
>> --- /var/log/setuid.today Sat Sep 8 03:01:34 2007
>> +++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
>>
>> followed by references to various programs
>>
>> then the next segment:
>> Checking for a current audit database:
>>
>> Downloading fresh database.
>> auditfile.tbz 46 kB 42 kBps
>> New database installed.
>> Database created: Wed Dec 19 14:40:00 PST 2007
>>
>> Checking for packages with security vulnerabilities:
>>
>> followed by numerous references to programs and
>> files on the FreeBSD site.
>>
>> and I do not know quite what this means.
>
> It means that you have portaudit installed, and it's run as part of
> the daily scripts. That's a good thing.
>
> I'd recommend consulting the portaudit man page
>
> What it's found are packages on your machine that have security
> bulletins against them - that is, the packages named have
> vulnerabilities known to the FreeBSD Security team, which they believe
> should be patched. There's a link to the bulletin for each one - I
> think you'll find it enlightening to read some or all of them.
>
> I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
> to get a current ports tree, then assess, very carefully, what you
> want to upgrade. IMHO all of the packages mentioned should probably
> get upgraded, unless you have *exceptional* reasons not to.
>
> To upgrade you can do 'portupgrade <packagename>' for each package
> named, or if you're feeling bold, 'portupgrade -aRr'.
>
>> I know that setuid is cause for concern. I have three other
>> machines with FreeBSD, with one going back over a year of virtually
>> continuous 24/7 operation and this is the first time I have seen
>> this type of message. For the programs reported with security
>> problems it begs the question of dependencies if they are removed
>> or updated. Some references are to cups and fetchmail neither of
>> which I use or have use for, that I am aware of.
>
> Portupgrade will take care of dependencies. No worries, though you
> should also peruse the man page for portupgrade to get your knowledge
> up.
>
>> This particular machine is primarily a web server. It does have
>> Postfix running but just uses local delivery and only listens on
>> private network interface.
>> I am also a little dubious about posting any specifics to a public
>> mailing list.
>> I am admittedly a novice at this (on all my own systems so no one
>> else's behind is on the line). Short of paying consultation fees to
>> someone, this is about the only live contact I have on the subject.
>> Thanks in advance for info:
>
> We were all novices - I still am, in far too many ways. Don't sweat
> it, and keep asking questions. Also, start reading the FreeBSD
> Handbook - it's online, and also downloadable, and covers this very
> topic.
>
> Kurt
>

Thank you kindly for the info; I have been reading the handbook. I
have it installed as html on my everyday work machine. Having a web
server on localhost is great. It does cover portupgrade, portsnap,
ports and all that but it was just the e-mails to root that had me
confused. Does this also cover the setuid question? I also have the
new Absolute FreeBSD, and the hard copy manual obtained through
FreeBSD Mall.

I had a problem with e-mail messages to root some time ago that were
showing up every 11 minutes. I looked into crontab and found one
script that was set to run every 11 minutes. I opened the script file
and read the author's e-mail address and sent him an e-mail on the
problem. He responded scolding me for putting commands in rc.conf.
Sure enough, though I did not have explicit commands in it, I did
have the syntax wrong. Who would have guessed that a script dealing
with entropy would complain because of problems with rc.conf? That is
an example of a question that might arise that could use some specific
coverage in documentation.

Jeff K
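
The "setuid diffs" section quoted in the message is a diff between a saved list of setuid files (/var/log/setuid.today) and a freshly generated temporary list. The sketch below is an added example, not part of the original thread and not FreeBSD's own periodic script, showing that baseline-and-diff idea in portable sh. The function names and the field layout taken from C-locale `ls -ldn` output are assumptions.

```shell
#!/bin/sh
# Added example (not the FreeBSD periodic script): baseline-and-diff check
# for setuid/setgid files. Function names and paths are illustrative.

# list_setid DIR
# Print "mode uid gid size path" for every setuid or setgid regular file
# under DIR, staying on one filesystem. Dates are dropped on purpose so the
# list only changes when mode, ownership, size or path changes.
list_setid() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ldn {} + 2>/dev/null |
    awk '{ p = $9; for (i = 10; i <= NF; i++) p = p " " $i
           print $1, $3, $4, $5, p }' |
    LC_ALL=C sort
}

# setid_report BASELINE DIR
# First run: record the baseline and return 0.
# Later runs: print a unified diff of baseline vs. current state.
# Returns 0 if nothing changed, 1 if the list differs, 2 on error.
# The baseline is never overwritten here; replace it by hand once each
# reported change has been explained (for example, by a package upgrade).
setid_report() {
    baseline=$1
    dir=$2
    current=$(mktemp) || return 2
    list_setid "$dir" > "$current"
    if [ ! -f "$baseline" ]; then
        cp "$current" "$baseline"
        rc=$?
        [ "$rc" -eq 0 ] || rc=2
    elif diff -u "$baseline" "$current"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$current"
    return "$rc"
}
```

A line prefixed with `+` in the output is a setuid or setgid file that was not in the baseline (or whose mode, owner or size changed); a `-` line is one that has gone away or changed.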
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b2d89b8e05121098f82288f4b68d12a2>