security.conf(5) - NetBSD Manual Pages

SECURITY.CONF(5)          NetBSD Programmer's Manual          SECURITY.CONF(5)


NAME

     security.conf - daily security check configuration file


DESCRIPTION

     The security.conf file specifies which of the standard /etc/security ser-
     vices are performed.  The /etc/security script is run, by default, every
     night from /etc/daily, on a NetBSD system, if configured do to so from
     /etc/daily.conf.

     The variables described below can be set to "NO" to disable the test:

     check_passwd   This checks the /etc/master.passwd file for inconsistan-
                    cies.

     check_group    This checks the /etc/group file for inconsistancies.

     check_rootdotfiles
                    This checks the root users startup files for sane settings
                    of $PATH and umask.  This test is not fail safe and any
                    warning generated from this should be checked for correct-
                    ness.

     check_ftpusers
                    This checks that the correct users are in the
                    /etc/ftpusers file.

     check_aliases  This checks for security problems in the /etc/mail/aliases
                    file.  For backward compatibility, /etc/aliases will be
                    checked as well if exists.

     check_rhosts   This checks for system and user rhosts files with "+" in
                    them.

     check_homes    This checks that home directories are owned by the correct
                    user.

     check_varmail  This checks that the correct user owns mail in /var/mail,
                    and that the mail box has the right permissions.

     check_nfs      This checks that the /etc/exports file does not export
                    filesystems to the world.

     check_devices  This checks for changes to devices and setuid files.

     check_mtree    This runs mtree(8) to ensure that the system is installed
                    correctly.

     check_disklabels
                    Backup text copies of the disklabels of available disk
                    drives into /var/backups/disklabel.XXX, and display any
                    differences in those and the previous copies as per
                    check_changelist below.

     check_changelist
                    This updates the list of files in /etc/changelist and
                    their backups in /var/backups/file.current and
                    /var/backups/file.backup, and displays any differences
                    found.

     run_skeyaudit  The skeyaudit(1) program checks the S/Key database and in-
                    forms users of S/Keys that are about to expire.

     The variables described below can be set to modify the tests:

     max_loginlen   If check_passwd is enabled, this determines the maximum
                    permitted length of login names.


FILES

     /etc/security        daily security check script
     /etc/security.conf   daily security check configuration
     /etc/security.local  local site additions to /etc/security


SEE ALSO

     daily.conf(5)


HISTORY

     The security.conf file appeared in NetBSD 1.3.  The check_disklabels
     functionality was added in NetBSD 1.4.

NetBSD 1.5.3                    August 25, 1998                              2

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.