[Durham] msec recommendations
Martin Ward
martin at gkc.org.uk
Fri Jul 26 12:22:57 UTC 2013
Newer versions of GNU/Linux have a security scanner called msec
which seems to be rather "chatty" with the default settings.
For example, it complains about the permissions of davfs2's home
directory (which is /var/run/mount.davfs2), and lists all the open
ports every day. It also complains about sticky directories
such as /tmp/.font-unix and /var/lock/gkrellm being world-writable:
which is how they are designed to work.
I am inclined to just disable it, but it would be useful if it could
be configured to send email only if something was actually wrong!
--
Martin
STRL Reader in Software Engineering and Royal Society Industry Fellow
martin at gkc.org.uk http://www.cse.dmu.ac.uk/~mward/ Erdos number: 4
G.K.Chesterton web site: http://www.cse.dmu.ac.uk/~mward/gkc/
Mirrors: http://www.gkc.org.uk and http://www.gkc.org.uk/gkc
More information about the Durham
mailing list