* Micah Anderson (firstname.lastname@example.org) [010921 10:23]: > I was thinking it would be nice to see what sort of new setuid > programs show up on my box each day... then I noticed that these are > already being logged in /var/log/setuid.today and > /var/log/setuid.yesterday. What makes these? It appears they come from > /etc/cron.daily/standard which runs /usr/sbin/checksecurity. > > But, what is the point of logging these each day into > /var/log/setuid.changes if nobody sees them? Why doesn't this list get > emailed to root? Am I missing something? Well, maybe root should go see them? I don't mean to be snotty about it, but surely you concede that there is a point to logging and not emailing something; surely you have other logs on your system which are not emailed to root? As root, it's best to be vigilant and actively inspect your system rather than just wait for alerts to come to you. That's not to say that alerts aren't helpful, and that it probably would be nice to send these to root. You should be able to get that effect by simply adding it to the cron job. You'd just need to add a line that says "cat /var/log/setuid.changes", as stdout from the cron job gets mailed to its owner (root). -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'
Description: PGP signature