Date: Mon, 26 Aug 1996 00:30:02 -0700 (PDT) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-bugs Subject: Re: misc/1538: new /etc/security script Message-ID: <199608260730.AAA24874@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/1538; it has been noted by GNATS.
From: J Wunsch <j@uriah.heep.sax.de>
To: Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/1538: new /etc/security script
Date: Sun, 25 Aug 1996 11:47:30 +0200 (MET DST)
As pirzyk@faf.disney.com wrote:
> *** /etc/security Sat Aug 24 16:00:46 1996
> --- /etc/security.bak Thu Nov 16 04:58:43 1995
(Btw., your patch is reversed. Not a big deal, but i thought i'd
mention it.)
> - echo ""
> - echo ""
> - echo "checking for accounts without passwords:"
> - awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd
This is a matter of local policy and not always unwanted. So i'd
leave this commented in the script, up to the local admin to enable it
if he wants.
> - echo "checking for block & character device files not in /dev:"
> - find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }'
> -
What i don't like with these approaches is that there are multiple
find's walking down the disk twice or more each night. This will only
increase the sales volume of disk vendors... Instead, we should run
*one* find, selecting all the desired items, and post-process its
output for the various actions.
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608260730.AAA24874>