[Durham] msec recommendations

Martin Ward martin at gkc.org.uk
Fri Jul 26 12:22:57 UTC 2013

Newer versions of GNU/Linux have a security scanner called msec
which seems to be rather "chatty" with the default settings.

For example, it complains about the permissions of davfs2's home
directory (which is /var/run/mount.davfs2), and lists all the open
ports every day. It also complains about sticky directories
such as /tmp/.font-unix and /var/lock/gkrellm being world-writable:
which is how they are designed to work.

I am inclined to just disable it, but it would be useful if it could 
be configured to send email only if something was actually wrong!


STRL Reader in Software Engineering and Royal Society Industry Fellow
martin at gkc.org.uk  http://www.cse.dmu.ac.uk/~mward/  Erdos number: 4
G.K.Chesterton web site: http://www.cse.dmu.ac.uk/~mward/gkc/
Mirrors:  http://www.gkc.org.uk  and  http://www.gkc.org.uk/gkc

More information about the Durham mailing list