Date: Sat, 1 Nov 1997 10:58:32 -0700 (MST)
From: Brandon Gillespie <brandon@roguetrader.com>
To: Niall Smart <njs3@doc.ic.ac.uk>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Suggested addition to /etc/security
Message-ID: <Pine.BSF.3.96.971101105141.11936A-100000@roguetrader.com>
In-Reply-To: <E0xRfGy-0003jZ-00@oak67.doc.ic.ac.uk>

On Sat, 1 Nov 1997, Niall Smart wrote:

> On Oct 30, 10:18am, Brandon Gillespie wrote:
> } Subject: Suggested addition to /etc/security
> > I'm not sure if /etc/security is a good place for it, but I think it would
> > be a good idea to add this check (at least once a week) to somewhere:
> >
> > -------------------------------------------------
> > echo "checking for invalid user or group ids:"
> >
> > find / -nouser -nogroup
> > -------------------------------------------------
>
> Shouldn't this be "find / -nouser -o -nogroup -print"?

Yeah, or even better:

    files=`find / -nouser -o -nogroup -print`
    ls -ldF $files

(this looks better than find / -nouser -o -nogroup -exec ls -ldF {} \;)

On the same note, what about adding a few checks of the syslog for things.
I'm not sure if /etc/security is the right place for that or not. I know
that 'newsyslog' has a note about adding that sort of functionality, but.. ?

Just a simple:

    fgrep 'BAD SU' /var/log/messages

Would suffice for su--the same could go for X failed login attempts on
other ports, etc. We could get more complex and open rotated logfiles we
haven't checked yet (and note the last logfile to be checked--including
the dates).

Is there interest in this, or is something better being worked on? I
could easily cruft up /etc/security, if there is interest, and I won't be
duplicating any work..

-Brandon Gillespie
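
Added example (not part of the original message, and not FreeBSD's /etc/security): one way to do the 'BAD SU' check so that each run reports only entries that were not reported before, using a saved checkpoint for the log. The byte-offset state file, the function name new_bad_su and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. The checkpoint scheme (a byte
# offset kept in a state file) and all paths are assumptions for illustration.

# new_bad_su LOG STATE
# Print the 'BAD SU' lines added to LOG since the offset recorded in STATE,
# then record the new offset, so each run reports an entry only once.
new_bad_su() {
    log=$1
    state=$2
    [ -r "$log" ] || return 0
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    if [ -r "$state" ]; then read -r last < "$state" || last=0; fi
    case $last in '' | *[!0-9]*) last=0 ;; esac   # unusable state: rescan
    if [ "$size" -lt "$last" ]; then last=0; fi   # file shrank: it was rotated
    # Read only bytes last+1..size, so lines written during the scan are
    # left for the next run instead of being skipped.
    tail -c "+$((last + 1))" "$log" | head -c "$((size - last))" |
        grep -F 'BAD SU' || true
    echo "$size" > "$state"
}

# Demo on constructed log lines: first run, no-change run, then a rotation.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'Nov  1 10:01:02 host su: BAD SU alice to root on /dev/ttyp0' \
        'Nov  1 10:05:40 host login: ROOT LOGIN (root) ON ttyv0' > "$dir/messages"
    echo "run 1:"; new_bad_su "$dir/messages" "$dir/state"
    echo "run 2 (nothing new):"; new_bad_su "$dir/messages" "$dir/state"
    printf '%s\n' \
        'Nov  8 03:00:09 host su: BAD SU bob to root on /dev/ttyp1' > "$dir/messages"
    echo "run 3 (after rotation):"; new_bad_su "$dir/messages" "$dir/state"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

A rotated file that has already grown past the saved offset is not detected by the size comparison alone; recording the file's inode or first line next to the offset would close that gap.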