Bug#298573: marked as done (ITA: checksecurity -- basic system security checks)
Your message dated Mon, 14 Mar 2005 20:17:03 -0500
with message-id <E1DB0gB-0003JX-00@newraff.debian.org>
and subject line Bug#298573: fixed in checksecurity 2.0.7-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Mar 2005 15:36:27 +0000
>From skx@debian.org Tue Mar 08 07:36:25 2005
Return-path: <skx@debian.org>
Received: from 82-41-232-235.cable.ubr07.edin.blueyonder.co.uk (lappy.my.flat) [82.41.232.235]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D8gky-0008UF-00; Tue, 08 Mar 2005 07:36:24 -0800
Received: from skx by lappy.my.flat with local (Exim 4.50)
id 1D8gkT-000268-5i
for submit@bugs.debian.org; Tue, 08 Mar 2005 15:35:53 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Steve Kemp <skx@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: O: checksecurity -- basic system security checks
Reply-To: Steve Kemp <skx@debian.org>
X-Mailer: reportbug 3.8
Date: Tue, 08 Mar 2005 15:35:53 +0000
Message-Id: <[🔎] E1D8gkT-000268-5i@lappy.my.flat>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: wnpp
Severity: normal
I intend to orphan the checksecurity package, honestly I've done a bad
job of looking after it. It deserves a better keeper and I've not had
much success at getting a co-maintainer for it.
The package description is:
Checksecurity does some very basic system security checks, such as
looking for changes in which programs have setuid permissions, and that
remote filesystems are not allowed to have runnable setuid programs.
.
Note that these are not to be considered in any way complete, and
you should not rely on checksecurity to actually provide any useful
information concerning the security or vulnerability of your system.
.
The lockfile-progs package is only a "Suggests" because of the poor
way that dselect handles "Recommends", but I do strongly suggest that
you install it; it prevents /etc/cron.daily/standard from running multiple
times if something gets jammed.
.
Checksecurity was previously part of the cron package.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
---------------------------------------
Received: (at 298573-close) by bugs.debian.org; 15 Mar 2005 01:23:03 +0000
>From katie@ftp-master.debian.org Mon Mar 14 17:23:03 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DB0ly-0000Ot-00; Mon, 14 Mar 2005 17:23:02 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DB0gB-0003JX-00; Mon, 14 Mar 2005 20:17:03 -0500
From: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
To: 298573-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#298573: fixed in checksecurity 2.0.7-2
Message-Id: <E1DB0gB-0003JX-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 14 Mar 2005 20:17:03 -0500
Delivered-To: 298573-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 6
Source: checksecurity
Source-Version: 2.0.7-2
We believe that the bug you reported is fixed in the latest version of
checksecurity, which is due to be installed in the Debian FTP archive:
checksecurity_2.0.7-2.diff.gz
to pool/main/c/checksecurity/checksecurity_2.0.7-2.diff.gz
checksecurity_2.0.7-2.dsc
to pool/main/c/checksecurity/checksecurity_2.0.7-2.dsc
checksecurity_2.0.7-2_all.deb
to pool/main/c/checksecurity/checksecurity_2.0.7-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 298573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <jfs@computer.org> (supplier of updated checksecurity package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Mar 2005 08:46:43 +0100
Source: checksecurity
Binary: checksecurity
Architecture: source all
Version: 2.0.7-2
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
checksecurity - basic system security checks
Closes: 31902 138484 274428 276950 291576 297691 298573
Changes:
checksecurity (2.0.7-2) unstable; urgency=low
.
* Adopted package (Closes: #298573)
* Have the check_diskfree plugin mail to root the results of the test, if
defined. Notice that the environment is currently cleaned up so that
it will not work yet properly. This is the patch available in #232951
* Fixed the formatting issue in the check-setuid.8 manpage with the
patch provided by Nicolas Francois (Closes: #274428)
* Fixed the reference to checksecurity.conf in bin/checksecurity, the
message now refers to checksecurity(8) (Closes: #276950)
* Create /var/log/setuid with proper permissions (750), also, move the
files in postinst through a loop checking first if they exist
(Closes: #297691)
* Rotate /var/log/setuid.changes, /var/log/diskfree.log and
/var/log/checksecurity.log through logrotate instead of having this in
the cron task, use dh_installlogrotate to install this.
* Add Getopt::Long usage to bin/checksecurity and define a debug (-d or
--debug option) (currently undocumented)
* Introduce a 'period' argument in checksecurity (currently undocumented)
which determines what checks should it run:
- Modify global-checksecurity.conf so that diskfree and passwd checks
are run daily and setuid is run weekly
- Create a new checksecurity-weekly cron task that will run setuid
This closes two long-standing bugs since users can adjust the
configuration now to their needs. (Closes: #138484, #31902)
* Recommend: Tiger, logcheck, and integrity checkers, also
suggest some programs to check if newer packages are available,
as bug #163813 has not been closed yet.
This is an interim solution in order to warn users that
there are more (advanced) security checks available they might want
to implement in addition to checksecurity.
* Added Czech po-debconf translation provided by Jan Outrata
(Closes: #291576)
Files:
9cfac7a160ade4d97bb1330d78d7b79f 726 admin optional checksecurity_2.0.7-2.dsc
7bb6a18089efe6d5108d9a633673924c 8626 admin optional checksecurity_2.0.7-2.diff.gz
34cf809aee41ab3b5e554deb0d26f1b8 19922 admin optional checksecurity_2.0.7-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iQCVAwUBQjYynPtEPvakNq0lAQKKTwQAltDk2fSGGhoJObQstvkX7K29Qv9Xc+Q0
ocvWQbWJHmZZZfpX6k43DOl0evrWWeaZUNQAMDzKYS9RLR2La0YukqPETzjF6b6j
1Z0rh5D60TS9uPKM+m5sFWEP2BZXi4bgeFDra7mCZV5ZtgHGg+XG2wZjC+9ptBN4
GPKFc9RkmbM=
=mNO5
-----END PGP SIGNATURE-----
Reply to: