NetBSD/share/man/man5/security.conf.5

112 lines
3.6 KiB
Groff
Raw Normal View History

.\" $NetBSD: security.conf.5,v 1.1 1997/01/05 11:50:18 mrg Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Matthew R. Green for
.\" the NetBSD Project.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd December 30, 1996
.Dt SECURITY.CONF 5
.Os NetBSD 1.3
.Sh NAME
.Nm security.conf
.Nd daily security check configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which of the standard
.Pa /etc/security
services are performed. The
.Pa /etc/security
script is run, by default, every night from
.Pa /etc/daily ,
on a
.Nx
system, if configured do to so from
.Pa /etc/daily.conf .
.Pp
The variables described below can be set to "NO" to disable the test:
.Bl -tag -width check_network
.It Sy check_passwd
This checks the
.Pa /etc/master.passwd
file for inconsistancies.
.It Sy check_group
This checks the
.Pa /etc/group
file for inconsistancies.
.It Sy check_rootdotfiles
This checks the root users startup files for sane settings of $PATH
and umask. This test is not fail safe and any warning generated from
this should be checked for correctness.
.It Sy check_ftpusers
This checks that the correct users are in the
.Pa /etc/ftpusers
file.
.It Sy check_aliases
This checks for security problems in the
.Pa /etc/aliases
file.
.It Sy check_rhosts
This checks for system and user rhosts files with "+" in them.
.It Sy check_homes
This checks that home directories are owned by the correct user.
.It Sy check_varmail
This checks that the correct user owns mail in
.Pa /var/mail ,
and that the mail box has the right permissions.
.It Sy check_nfs
This checks that the
.Pa /etc/exports
file does not export filesystems to the world.
.It Sy check_devices
This checks for changes to devices and setuid files.
.It Sy check_mtree
This runs
.Xr mtree 8
to ensure that the system is installed correctly.
.It Sy check_changelist
This updates the list of files in
.Pa /etc/changelist
and their backups in
.Pa /var/backsups/file.current
and
.Pa /var/backsups/file.backup .
.El
.Pp
.Sh FILES
.Pa /etc/security
.Pa /etc/security.conf
.Sh SEE ALSO
.Xr daily.conf 5
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .