Date: Wed, 10 May 2000 15:21:30 -0400 (EDT) From: "Chris D. Faulhaber" <jedgar@fxp.org> To: Mike Silbersack <silby@silby.com> Cc: Peter van Dijk <petervd@vuurwerk.nl>, security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <Pine.BSF.4.10.10005101518090.75557-100000@pawn.primelocation.net> In-Reply-To: <Pine.BSF.4.21.0005101351400.26803-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 May 2000, Mike Silbersack wrote: > > On Tue, 9 May 2000, Peter van Dijk wrote: > > > [snip] > > > > Backup passwd and group files: > > envy.vuurwerk.nl passwd diffs: > > 3c3 > > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash > > --- > > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash > > [snip] > > > > This line needed some thinking from me until I realized that it was trying > > to tell me the rootpassword changed (which I already knew, ofcourse). Could > > this be made more obvious, something like (password1) in the top one and > > (password2) in the bottom one? > > This just got me thinking... are .ssh/authorized_keys files checked for > changes by the security scripts? I know I probably wouldn't notice for a > long while if someone had modified mine, all the time during which someone > could be playing around on the box. > I don't think it is the system's responsibility to check user's files; however, it might be a decent idea to have the system check to see anything in /etc/ssh/ has changed. See http://www.fxp.org/~jedgar/230.backup-ssh for the script I use. ----- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10005101518090.75557-100000>