From owner-freebsd-bugs Mon Aug 26 00:30:04 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA24880 for bugs-outgoing; Mon, 26 Aug 1996 00:30:04 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA24874; Mon, 26 Aug 1996 00:30:02 -0700 (PDT) Date: Mon, 26 Aug 1996 00:30:02 -0700 (PDT) Message-Id: <199608260730.AAA24874@freefall.freebsd.org> To: freebsd-bugs Cc: From: J Wunsch Subject: Re: misc/1538: new /etc/security script Reply-To: J Wunsch Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR misc/1538; it has been noted by GNATS. From: J Wunsch To: Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: misc/1538: new /etc/security script Date: Sun, 25 Aug 1996 11:47:30 +0200 (MET DST) As pirzyk@faf.disney.com wrote: > *** /etc/security Sat Aug 24 16:00:46 1996 > --- /etc/security.bak Thu Nov 16 04:58:43 1995 (Btw., your patch is reversed. Not a big deal, but i thought i'd mention it.) > - echo "" > - echo "" > - echo "checking for accounts without passwords:" > - awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd This is a matter of local policy and not always unwanted. So i'd leave this commented in the script, up to the local admin to enable it if he wants. > - echo "checking for block & character device files not in /dev:" > - find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }' > - What i don't like with these approaches is that there are multiple find's walking down the disk twice or more each night. This will only increase the sales volume of disk vendors... Instead, we should run *one* find, selecting all the desired items, and post-process its output for the various actions. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)