From owner-freebsd-security Wed Oct 4 11:27:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 6E17237B66D for ; Wed, 4 Oct 2000 11:27:31 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA08418; Wed, 4 Oct 2000 14:27:25 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 4 Oct 2000 14:27:25 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: cjclark@alum.mit.edu Cc: freebsd-security@freebsd.org Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL In-Reply-To: <20001004084729.C25121@149.211.6.64.reflexcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Check permission to who/w/last (need sgid uwtmp group) and reboot your > system . newsyslog.conf must be updated for this remain in effect more than a month; after that, newsyslog will rotate the wtmp log and chmod it to be world readable: /var/log/wtmp 644 3 * @01T05 B Similarly, utmp will be chmod'd each boot as part of clean_var() in /etc/rc: /etc/rc: (cd /var/run && cp /dev/null utmp && chmod 644 utmp;) I haven't read the patches so can't comment on their correctness. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message