From: "Kurt Buff"
Date: Wed, 19 Dec 2007 19:30:11 -0800
To: jekillen
Cc: FreeBSD Mailing List
Subject: Re: e-mail to root

On Dec 19, 2007 6:54 PM, jekillen wrote:
> Hello:
> Is there a manual or other publication that deals specifically with
> reading e-mail messages to root for FreeBSD? I have gotten a
> message:
>
> setuid diffs:
> --- /var/log/setuid.today Sat Sep 8 03:01:34 2007
> +++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
>
> followed by references to various programs
>
> then the next segment:
> Checking for a current audit database:
>
> Downloading fresh database.
> auditfile.tbz 46 kB 42 kBps
> New database installed.
> Database created: Wed Dec 19 14:40:00 PST 2007
>
> Checking for packages with security vulnerabilities:
>
> followed by numerous references to programs and
> files on the FreeBSD site.
>
> and I do not know quite what this means.

It means that you have portaudit installed, and it's run as part of
the daily scripts. That's a good thing. I'd recommend consulting the
portaudit man page.

What it's found are packages on your machine that have security
bulletins against them - that is, the packages named have
vulnerabilities known to the FreeBSD Security team, which they believe
should be patched. There's a link to the bulletin for each one - I
think you'll find it enlightening to read some or all of them.

I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
to get a current ports tree, then assess, very carefully, what you
want to upgrade. IMHO all of the packages mentioned should probably
get upgraded, unless you have *exceptional* reasons not to.

To upgrade you can do 'portupgrade ' for each package named, or if
you're feeling bold, 'portupgrade -aRr'.

> I know that setuid is cause for concern. I have three other machines
> with FreeBSD, with one going back over a year of virtually continuous
> 24/7 operation and this is the first time I have seen this type of
> message. For the programs reported with security problems it begs the
> question of dependencies if they are removed or updated. Some
> references are to cups and fetchmail neither of which I use or have
> use for, that I am aware of.

Portupgrade will take care of dependencies. No worries, though you
should also peruse the man page for portupgrade to get your knowledge
up.

> This particular machine is primarily a web server. It does have
> Postfix running but just uses local delivery and only listens on
> private network interface.
> I am also a little dubious about posting any specifics to a public
> mailing list.
> I am admittedly a novice at this (on all my own systems so no one
> else's behind is on the line). Short of paying consultation fees to
> someone, this is about the only live contact I have on the subject.
> Thanks in advance for info:

We were all novices - I still am, in far too many ways. Don't sweat
it, and keep asking questions. Also, start reading the FreeBSD
Handbook - it's online, and also downloadable, and covers this very
topic.

Kurt
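
As an added example (not part of the original messages), a small sh/awk filter that sorts the findings of such a daily security e-mail into new, changed and removed setuid files and vulnerable packages with their bulletin links. The line formats and the sample report are assumptions constructed for illustration: setuid diff lines are taken to end with the file path, and portaudit findings to come as "Affected package:" / "Reference:" pairs.

```shell
# Added example: classify the findings in a FreeBSD daily security e-mail.
# Assumed formats: setuid diff lines end with the file path; each portaudit
# finding is an "Affected package:" line followed by a "Reference:" line.
triage_security_mail() {
    awk '
    /^setuid diffs:/ { sect = "setuid"; next }
    /^Checking for packages with security vulnerabilities:/ { sect = "audit"; next }
    /^Checking for / { sect = ""; next }
    sect == "setuid" && /^$/ { sect = ""; next }            # blank line ends the diff
    sect == "setuid" && /^(---|[+][+][+]|@@)/ { next }      # diff file and hunk headers
    sect == "setuid" && /^-/   { prev[$NF] = 1; next }      # entry in the previous list
    sect == "setuid" && /^[+]/ { cur[$NF] = 1; next }       # entry in the current list
    sect == "audit" && /^Affected package:/ { pkg = $3; next }
    sect == "audit" && /^Reference:/ {
        gsub(/[<>]/, "", $2); print "VULN", pkg, $2; pkg = ""
    }
    END {
        # Path on both sides: the file was replaced (for instance by an upgrade).
        # Path only on the "+" side: a new setuid file, review it first.
        for (p in cur) { tag = (p in prev) ? "SETUID_CHANGED" : "SETUID_ADDED"; print tag, p }
        for (p in prev) if (!(p in cur)) print "SETUID_REMOVED", p
    }' | LC_ALL=C sort
}

# Constructed sample report: paths, sizes, versions and URLs are placeholders.
sample_report() {
    cat <<'EOF'
setuid diffs:
--- /var/log/setuid.today Sat Sep  8 03:01:34 2007
+++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
@@ -3 +3 @@
-  1001 48 -r-sr-xr-x 1 root wheel 21000 Sep  1 02:00:00 2007 /usr/bin/passwd
+  1001 48 -r-sr-xr-x 1 root wheel 21500 Dec 18 22:00:00 2007 /usr/bin/passwd
@@ -9,0 +10 @@
+  2002 16 -rwsr-xr-x 1 root wheel 9000 Dec 18 23:00:00 2007 /usr/local/bin/example-helper

Checking for packages with security vulnerabilities:

Affected package: cups-VERSION
Type of problem: cups -- constructed description.
Reference: <http://portaudit.example/PLACEHOLDER-1.html>

Affected package: fetchmail-VERSION
Type of problem: fetchmail -- constructed description.
Reference: <http://portaudit.example/PLACEHOLDER-2.html>
EOF
}

sample_report | triage_security_mail
```

A path reported as SETUID_ADDED has no counterpart in the previous day's list, so it deserves a closer look than one that merely changed size or date after an upgrade.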