112 lines
3.6 KiB
Groff
112 lines
3.6 KiB
Groff
|
.\" $NetBSD: security.conf.5,v 1.1 1997/01/05 11:50:18 mrg Exp $
|
||
|
.\"
|
||
|
.\" Copyright (c) 1996 Matthew R. Green
|
||
|
.\" All rights reserved.
|
||
|
.\"
|
||
|
.\" Redistribution and use in source and binary forms, with or without
|
||
|
.\" modification, are permitted provided that the following conditions
|
||
|
.\" are met:
|
||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer.
|
||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||
|
.\" documentation and/or other materials provided with the distribution.
|
||
|
.\" 3. All advertising materials mentioning features or use of this software
|
||
|
.\" must display the following acknowledgement:
|
||
|
.\" This product includes software developed by Matthew R. Green for
|
||
|
.\" the NetBSD Project.
|
||
|
.\" 4. The name of the author may not be used to endorse or promote products
|
||
|
.\" derived from this software without specific prior written permission.
|
||
|
.\"
|
||
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||
|
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||
|
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
||
|
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||
|
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||
|
.\" SUCH DAMAGE.
|
||
|
.\"
|
||
|
.Dd December 30, 1996
|
||
|
.Dt SECURITY.CONF 5
|
||
|
.Os NetBSD 1.3
|
||
|
.Sh NAME
|
||
|
.Nm security.conf
|
||
|
.Nd daily security check configuration file
|
||
|
.Sh DESCRIPTION
|
||
|
The
|
||
|
.Nm
|
||
|
file specifies which of the standard
|
||
|
.Pa /etc/security
|
||
|
services are performed. The
|
||
|
.Pa /etc/security
|
||
|
script is run, by default, every night from
|
||
|
.Pa /etc/daily ,
|
||
|
on a
|
||
|
.Nx
|
||
|
system, if configured do to so from
|
||
|
.Pa /etc/daily.conf .
|
||
|
.Pp
|
||
|
The variables described below can be set to "NO" to disable the test:
|
||
|
.Bl -tag -width check_network
|
||
|
.It Sy check_passwd
|
||
|
This checks the
|
||
|
.Pa /etc/master.passwd
|
||
|
file for inconsistancies.
|
||
|
.It Sy check_group
|
||
|
This checks the
|
||
|
.Pa /etc/group
|
||
|
file for inconsistancies.
|
||
|
.It Sy check_rootdotfiles
|
||
|
This checks the root users startup files for sane settings of $PATH
|
||
|
and umask. This test is not fail safe and any warning generated from
|
||
|
this should be checked for correctness.
|
||
|
.It Sy check_ftpusers
|
||
|
This checks that the correct users are in the
|
||
|
.Pa /etc/ftpusers
|
||
|
file.
|
||
|
.It Sy check_aliases
|
||
|
This checks for security problems in the
|
||
|
.Pa /etc/aliases
|
||
|
file.
|
||
|
.It Sy check_rhosts
|
||
|
This checks for system and user rhosts files with "+" in them.
|
||
|
.It Sy check_homes
|
||
|
This checks that home directories are owned by the correct user.
|
||
|
.It Sy check_varmail
|
||
|
This checks that the correct user owns mail in
|
||
|
.Pa /var/mail ,
|
||
|
and that the mail box has the right permissions.
|
||
|
.It Sy check_nfs
|
||
|
This checks that the
|
||
|
.Pa /etc/exports
|
||
|
file does not export filesystems to the world.
|
||
|
.It Sy check_devices
|
||
|
This checks for changes to devices and setuid files.
|
||
|
.It Sy check_mtree
|
||
|
This runs
|
||
|
.Xr mtree 8
|
||
|
to ensure that the system is installed correctly.
|
||
|
.It Sy check_changelist
|
||
|
This updates the list of files in
|
||
|
.Pa /etc/changelist
|
||
|
and their backups in
|
||
|
.Pa /var/backsups/file.current
|
||
|
and
|
||
|
.Pa /var/backsups/file.backup .
|
||
|
.El
|
||
|
.Pp
|
||
|
.Sh FILES
|
||
|
.Pa /etc/security
|
||
|
.Pa /etc/security.conf
|
||
|
.Sh SEE ALSO
|
||
|
.Xr daily.conf 5
|
||
|
.Sh HISTORY
|
||
|
The
|
||
|
.Nm
|
||
|
file appeared in
|
||
|
.Nx 1.3 .
|