From: "Rodney W. Grimes"
Message-Id: <199908291711.KAA62658@gndrsh.dnsmgr.net>
Subject: Re: daily security run- passwordless accounts
In-Reply-To: <199908291700.NAA05209@cc942873-a.ewndsr1.nj.home.com> from "Crist J. Clark" at "Aug 29, 1999 01:00:22 pm"
To: cjclark@home.com
Date: Sun, 29 Aug 1999 10:11:02 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG

> Since someone brought up small, but somewhat annoying, messages that
> repeatedly pop up in the default daily security run, I thought I'd add
> my own little pet peeve and see if anyone else felt the same way.
>
> As it is set up now, the default /etc/security script (for 3.x, not
> 2.2.x) checks for "passwordless" accounts by a simple awk command. The
> problem I have is that this setup will flag my NIS entries every time,
>
> +:::::::::
...
> Anyone have strong opinions whether something like that should be made
> the default or not?

Not the default, but your filter should be turned on if NIS is turned on
in /etc/rc.conf* or /etc/defaults/rc.*.

The periodic scripts need to be taught much more about the environment
they are running in. One way to do this would be to suck in
/etc/defaults/rc.conf and use the variables in there to decide just what
parts of periodic jobs apply.

I don't really care about rwho hosts, I don't run rwho, very few people
do. Also, 430.status-rwho assumes I am not running rwho if it finds an
empty /var/rwho, which may be wrong: I just might not have seen any hosts
yet, or some miscreant may be cleaning the directory out. This is only
one of many examples that could be fixed if these jobs learned about the
control knobs from rc.conf.

-- 
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net
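
An added example, not part of the original message or of FreeBSD's own periodic scripts: one way a check could read the rc.conf knobs as the message suggests and apply the NIS filter only when NIS is enabled. The function names, file layout and sample data are constructed for illustration, and nis_client_enable is assumed as the NIS knob.

```sh
#!/bin/sh
# Added example: let a periodic security check read the rc.conf knobs.

# load_rc_knobs FILE...: source each readable file in order, so a later
# file (/etc/rc.conf) overrides an earlier one (/etc/defaults/rc.conf).
load_rc_knobs() {
    nis_client_enable="NO"              # safe default if no file sets it
    for f in "$@"; do
        if [ -r "$f" ]; then . "$f"; fi
    done
}

# check_passwordless FILE: report accounts whose password field is empty.
# '+'/'-' NIS compat lines are skipped only when the NIS knob is on; with
# NIS off such a line is unexpected and stays in the report.
check_passwordless() {
    case "$nis_client_enable" in
        [Yy][Ee][Ss]) skip_nis=1 ;;
        *)            skip_nis=0 ;;
    esac
    awk -F: -v skip="$skip_nis" '
        /^#/ || NF < 2          { next }
        skip == 1 && /^[+-]/    { next }
        $2 == ""                { print $1 }
    ' "$1"
}

# make_sample DIR: write constructed sample files (not from a real host).
make_sample() {
    printf 'nis_client_enable="NO"\n'  > "$1/defaults_rc.conf"
    printf 'nis_client_enable="YES"\n' > "$1/rc.conf"
    cat > "$1/master.passwd" <<'EOF'
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
toor::0:0::0:0:Bourne-again Superuser:/root:
+:::::::::
EOF
}

# Demo: same passwd file, NIS on (override applied) versus NIS off.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
load_rc_knobs "$demo_dir/defaults_rc.conf" "$demo_dir/rc.conf"
echo "NIS on:  $(check_passwordless "$demo_dir/master.passwd" | tr '\n' ' ')"
load_rc_knobs "$demo_dir/defaults_rc.conf"
echo "NIS off: $(check_passwordless "$demo_dir/master.passwd" | tr '\n' ' ')"
rm -rf "$demo_dir"
```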