Date: Thu, 20 Dec 2007 16:20:32 -0800
From: jekillen <jekillen@prodigy.net>
To: "Kurt Buff" <kurt.buff@gmail.com>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: e-mail to root
Message-ID: <b2d89b8e05121098f82288f4b68d12a2@prodigy.net>
In-Reply-To: <a9f4a3860712191930h5c5237e0k966dd3b7ff7ae89c@mail.gmail.com>
References: <e4f5c90ff64ee7b4d210d5597ff25e33@prodigy.net> <a9f4a3860712191930h5c5237e0k966dd3b7ff7ae89c@mail.gmail.com>
On Dec 19, 2007, at 7:30 PM, Kurt Buff wrote:

> On Dec 19, 2007 6:54 PM, jekillen <jekillen@prodigy.net> wrote:
>> Hello:
>> Is there a manual or other publication that deals specifically with
>> reading e-mail messages to root for FreeBSD? I have gotten a message:
>>
>> setuid diffs:
>> --- /var/log/setuid.today Sat Sep 8 03:01:34 2007
>> +++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
>>
>> followed by references to various programs
>>
>> then the next segment:
>> Checking for a current audit database:
>>
>> Downloading fresh database.
>> auditfile.tbz 46 kB 42 kBps
>> New database installed.
>> Database created: Wed Dec 19 14:40:00 PST 2007
>>
>> Checking for packages with security vulnerabilities:
>>
>> followed by numerous references to programs and
>> files on the FreeBSD site.
>>
>> and I do not know quite what this means.
>
> It means that you have portaudit installed, and it's run as part of
> the daily scripts. That's a good thing.
>
> I'd recommend consulting the portaudit man page
>
> What it's found are packages on your machine that have security
> bulletins against them - that is, the packages named have
> vulnerabilities known to the FreeBSD Security team, which they believe
> should be patched. There's a link to the bulletin for each one - I
> think you'll find it enlightening to read some or all of them.
>
> I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
> to get a current ports tree, then assess, very carefully, what you
> want to upgrade. IMHO all of the packages mentioned should probably
> get upgraded, unless you have *exceptional* reasons not to.
>
> To upgrade you can do 'portupgrade <packagename>' for each package
> named, or if you're feeling bold, 'portupgrade -aRr'.
>
>> I know that setuid is cause
>> for concern. I have three other machines with FreeBSD, with one
>> going back over a year of virtually continuous 24/7 operation and
>> this is the first time I have seen this type of message. For the
>> programs reported with security problems it begs the question of
>> dependencies if they are removed or updated. Some references are to
>> cups and fetchmail neither of which I use or have use for, that I am
>> aware of.
>
> Portupgrade will take care of dependencies. No worries, though you
> should also peruse the man page for portupgrade to get your knowledge
> up.
>
>> This particular
>> machine is primarily a web server. It does have Postfix running but
>> just uses local delivery and only listens on private network interface.
>> I am also a little dubious about posting any specifics to a public
>> mailing list.
>> I am admittedly a novice at this (on all my own systems so no one
>> else's behind is on the line). Short of paying consultation fees to
>> someone, this is about the only live contact I have on the subject.
>> Thanks in advance for info:
>
> We were all novices - I still am, in far too many ways. Don't sweat
> it, and keep asking questions. Also, start reading the FreeBSD
> Handbook - it's online, and also downloadable, and covers this very
> topic.
>
> Kurt
>

Thank you kindly for the info; I have been reading the handbook. I have it installed as html on my everyday work machine. Having a web server on localhost is great. It does cover portupgrade, portsnap, ports and all that but it was just the e-mails to root that had me confused. Does this also cover the setuid question also? I also have the new Absolute FreeBSD, and the hard copy manual obtained through FreeBSD Mall.

I had a problem with e-mail messages to root some time ago that were showing up every 11 minutes. I looked into crontab and found one script that was set to run every 11 minutes. I opened the script file and read the author's e-mail address and sent him an e-mail on the problem. He responded scolding me for putting commands in rc.conf. Sure enough, though I did not have explicit commands in it, I did have the syntax wrong. Who would have guessed that a script dealing with entropy would complain because of problems with rc.conf? That is an example of a question that might arise that could use some specific coverage in documentation.

Jeff Khelp
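
Added example, not part of the original message or of FreeBSD's own scripts: one way to read the "setuid diffs:" section quoted above, by pairing the `-` and `+` lines of the unified diff by path. The two header lines are the ones from the message; the listing lines and file names are constructed, and the record layout (an ls-style line whose last field is the path) is an assumption.

```python
# Constructed sample of a "setuid diffs:" section. Only the ---/+++ header
# lines come from the message; every listing line below is made up.
SAMPLE = """\
--- /var/log/setuid.today Sat Sep 8 03:01:34 2007
+++ /tmp/security.9Jz0CWds Wed Dec 19 03:01:38 2007
@@ -1,3 +1,3 @@
 1001 -r-sr-xr-x 1 root wheel 21000 Jan 12 2007 /usr/bin/passwd
-1002 -r-sr-xr-x 1 root wheel 18000 Jan 12 2007 /usr/local/bin/exampletool
+1009 -r-sr-xr-x 1 root wheel 18400 Dec 18 2007 /usr/local/bin/exampletool
-1003 -r-sr-xr-x 1 root wheel 9000 Jan 12 2007 /usr/local/bin/oldhelper
+1010 -rwsr-xr-x 1 root wheel 5000 Dec 18 2007 /usr/local/bin/newhelper
"""


def classify_setuid_diff(text):
    """Return {path: 'added' | 'removed' | 'changed'} for a unified diff.

    'added'   : setuid/setgid file present today, absent from the old listing
    'removed' : file in the old listing that is gone (or no longer setuid)
    'changed' : same path in both listings with different attributes
    """
    old, new = {}, {}
    for line in text.splitlines():
        # Skip the ---/+++ file headers, @@ hunk markers and blank lines.
        if line.startswith(("---", "+++", "@@")) or not line.strip():
            continue
        sign, record = line[0], line[1:].strip()
        if sign not in "+-":
            continue  # context line: the entry did not change
        path = record.split()[-1]  # assumption: path is the last field
        (new if sign == "+" else old)[path] = record
    result = {}
    for path in sorted(set(old) | set(new)):
        if path in old and path in new:
            result[path] = "changed"
        elif path in new:
            result[path] = "added"
        else:
            result[path] = "removed"
    return result


if __name__ == "__main__":
    for path, status in classify_setuid_diff(SAMPLE).items():
        print(f"{status:8} {path}")
```
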
