Commit Graph

20 Commits

Author SHA1 Message Date
adrianp 67b08a07ec The location of the pkg_info binary can now be specified in /etc/security.conf.
The default remains as /usr/sbin/pkg_info.  This should fix PR# 36746.
2007-08-27 19:57:02 +00:00
jnemeth 1c35d39ad7 PR/36732 - Jim Bernard -- delete /usr/libexec/uucp/uucico from list of shells 2007-08-05 00:10:37 +00:00
lukem 6d23caf285 Implement check_devices_ignore_paths, which is a list of paths to
avoid traversing during check_devices.
2006-05-25 02:38:10 +00:00
jdolecek dbfcc2f3c5 don't check ntfs and msdosfs for devices/set[ug]id files; neither of those
are supported on the filesystem, so no need for checking

PR: 33092 by Aleksey Cheusov
2006-04-01 17:13:19 +00:00
perry 9e84da172c Make max_loginlen and max_grouplen 16.
We've handled 16 character logins for quite some time, and we even
have packages that create >8 character accounts. There is no point in
pretending the limit is 8 any more by default.

Discussed (very lightly -- there was little comment) on tech-userlevel
2005-08-22 14:09:23 +00:00
christos 4aafff6cc5 it makes no sense to check ptyfs for new and gone devices. From Rui Paulo,
many thanks.
2005-05-12 14:02:05 +00:00
jdolecek 8e401e6c31 add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
2005-02-05 15:26:37 +00:00
erh 7da8bb106d PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.
2004-09-28 15:03:58 +00:00
jhawk 4828bcfb5b check_homes_permit_usergroups=NO 2003-11-18 03:21:40 +00:00
jhawk 1d79603c81 Use $diff_options when running diff in /etc/security.
Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.

Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:47:51 +00:00
jhawk 687107d3c0 Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set.
Apparently mtree -L is imperfect, but it is far better than the lack thereof
if symlinks are involved reaching files mtree verifies.
2003-02-13 02:42:06 +00:00
jhawk 1a4c8c0295 Add some flexibility to /etc/security, by way of security.conf options:
check_passwd_nowarn_shells	Don't warn about these non-/etc/shells shells
  check_passwd_nowarn_users	Don't warn about these users
  check_passwd_permit_star	Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
  /usr/libexec/uucp/uucico, so that it will not warn about the default
  master.passwd.
The rationale here is that an administrator who chooses to permit these
  warnable conditions should not be warned about them day after day, yet
  should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
  entries for Kerberos or ssh logins, despite the fact that we permit
  "*ssh" (etc.) for this purpose (legacy).
2003-02-13 01:55:10 +00:00
lukem 8c4fc91c36 replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir" 2001-10-03 15:41:25 +00:00
atatat 9202500182 Add a chunk of code to check the installed pkgs list by making a list
of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if
they have one) and handling this file along with all the other
CHANGELIST stuff.

Greg Woods gets points for coming up with the idea.

Luke Mewburn asked me to do it, and provided lots of criticism along
the way.
2001-10-01 02:21:20 +00:00
atatat 2811b1707a Provide the capability of storing backups via RCS instead of just a
"current" and a "last" (which is useless if you wanna know what you
changed last week).  Set the default to on.
2001-04-04 03:17:19 +00:00
hubertf efc93d040b Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's
some risk that the users don't get warned if an admin turns off running
/etc/security (by putting run_security=no into daily.conf).

Fixes PR 12267.
2001-03-15 02:23:47 +00:00
jdolecek 4ceebb1156 Introduce max_grouplen - this determines the maximum permitted length
of group names, similarily to max_loginlen
2001-02-11 09:55:09 +00:00
abs 6258e0bf60 Add a new variable 'backup_dir', which can be used to change the backup
directory from /var/backup (useful for those of us who have a separate /var
and would like to have our backup disklabels on the root filesystem).
Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
2001-01-09 17:30:29 +00:00
lukem 2775f3b901 remind people to edit /etc/*.conf instead of /etc/defaults/*.conf 2000-11-08 23:17:50 +00:00
lukem 6d52152500 move default config files from /etc/default -> /etc/defaults, to be
consistent with what FreeBSD uses /etc/defaults for and since SVR4
uses /etc/default for another purpose. as discussed on tech-userlevel,
and no objections were made.
2000-10-01 05:46:03 +00:00