From owner-freebsd-security Wed May 10 12:21:41 2000
Date: Wed, 10 May 2000 15:21:30 -0400 (EDT)
From: "Chris D. Faulhaber"
To: Mike Silbersack
Cc: Peter van Dijk, security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output

On Wed, 10 May 2000, Mike Silbersack wrote:

>
> On Tue, 9 May 2000, Peter van Dijk wrote:
>
> > [snip]
> >
> > Backup passwd and group files:
> > envy.vuurwerk.nl passwd diffs:
> > 3c3
> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> > ---
> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> > [snip]
> >
> > This line needed some thinking from me until I realized that it was trying
> > to tell me the root password changed (which I already knew, of course). Could
> > this be made more obvious, something like (password1) in the top one and
> > (password2) in the bottom one?
>
> This just got me thinking... are .ssh/authorized_keys files checked for
> changes by the security scripts? I know I probably wouldn't notice for a
> long while if someone had modified mine, all the time during which someone
> could be playing around on the box.
>

I don't think it is the system's responsibility to check users' files;
however, it might be a decent idea to have the system check to see if
anything in /etc/ssh/ has changed. See
http://www.fxp.org/~jedgar/230.backup-ssh for the script I use.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
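
One way to implement the /etc/ssh change check suggested in the reply above, as an added example: it is not the 230.backup-ssh script linked in the message, whose contents do not appear on this page. The function name `check_ssh_dir`, its arguments and the `/var/backups/ssh` location are assumptions; private host keys are reported as changed without printing their contents, in the same spirit as the `(password)` masking in the passwd diff.

```shell
#!/bin/sh
# Added example (not from the original thread): compare every file in an
# sshd configuration directory with a saved copy and report what changed.
# check_ssh_dir is a hypothetical name; both directories are arguments.
#
# check_ssh_dir SRC_DIR BACKUP_DIR
#   prints a report on stdout; returns 0 if nothing changed, 1 otherwise
check_ssh_dir() {
    src=$1 bak=$2 changed=0
    mkdir -p "$bak" && chmod 700 "$bak" || return 2

    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$bak/$name" ]; then
            echo "$name: new file"
            changed=1
        elif ! cmp -s "$f" "$bak/$name"; then
            changed=1
            case $name in
                *_key)  # private host key: never print key material
                    echo "$name: private key changed (contents not shown)" ;;
                *)
                    echo "$name diffs:"
                    diff "$bak/$name" "$f" || : ;;   # diff exits 1 on change
            esac
            mv "$bak/$name" "$bak/$name.old"   # keep one previous generation
        else
            continue                           # unchanged: nothing to save
        fi
        cp -p "$f" "$bak/$name" && chmod 600 "$bak/$name"
    done

    # Files that were backed up earlier but have since disappeared.
    for b in "$bak"/*; do
        [ -f "$b" ] || continue
        name=${b##*/}
        case $name in *.old) continue ;; esac
        if [ ! -e "$src/$name" ]; then
            echo "$name: removed"
            changed=1
            mv "$b" "$b.old"
        fi
    done
    return $changed
}

# Assumed invocation from a daily job: check_ssh_dir /etc/ssh /var/backups/ssh
```

The backup directory holds copies of private host keys, so it needs the same protection as /etc/ssh itself; the function sets it to mode 700 and each copy to 600.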