Date: Sun, 29 Aug 1999 10:11:02 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: cjclark@home.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: daily security run- passwordless accounts Message-ID: <199908291711.KAA62658@gndrsh.dnsmgr.net> In-Reply-To: <199908291700.NAA05209@cc942873-a.ewndsr1.nj.home.com> from "Crist J. Clark" at "Aug 29, 1999 01:00:22 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Since someone brought up small, but somewhat annoying, messages that > repeatedly pop up in the default daily security run, I thought I'd add > my own little pet peeve and see if anyone else felt the same way. > > As it is setup now, the default /etc/security script (for 3.x, not > 2.2.x) checks for "passwordless" accounts by a simple awk command. The > problem I have is that this setup will flag my NIS entries every time, > > +::::::::: ... > Anyone have strong opinions whether something like that should be made > the default or not? Not the default, but your filter should be turned on if nis is turned on in /etc/rc.conf* or /etc/defaults/rc.*. The periodic scripts need to be taught much more about the environment they are running in. One way to do this would be to suck in /etc/defaults/rc.conf and use the variables in there to decide just what parts of periodic jobs apply. I don't really care about rwho hosts, I don't run rwho, very few people do, also 430.status-rwho assumes I am not running rwho if it finds an empty /var/rwho, which may be wrong, I just might not have seen any hosts yet, or some miscrepant may be cleaning the directory out. This is only one of many examples that could be fixed if these jobs learned about the control knobs from rc.conf. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908291711.KAA62658>