Securing-Optimizing-RH-Linux-1_2_199
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
199
/tmp
-> $(SEC_INVARIANT);
}
# Libraries
(emailto = admin@openarch.com, rulename = "Libraries", severity = $(SIG_MED))
{
/usr/lib -> $(SEC_BIN);
}
# Include
(emailto = admin@openarch.com, rulename = "OS Development Files", severity = $(SIG_MED))
{
/usr/include -> $(SEC_BIN);
}
# Shared
(emailto = admin@openarch.com, rulename = "OS Shared Files", severity = $(SIG_MED))
{
/usr/share -> $(SEC_BIN);
}
# Kernel headers files
(emailto = admin@openarch.com, rulename = "Kernel Headers Files", severity = $( SIG_HI))
{
/usr/src/linux-2.2.14 -> $(SEC_BIN);
}
# setuid/setgid root programs
(emailto = admin@openarch.com, rulename = "setuid/setgid", severity = $(SIG_ HI))
{
/bin/su -> $(SEC_SUID);
/sbin/pwdb_chkpwd -> $(SEC_SUID);
/sbin/dump -> $(SEC_SUID);
/sbin/restore -> $(SEC_SUID);
/usr/bin/at -> $(SEC_SUID);
/usr/bin/passwd -> $(SEC_SUID);
/usr/bin/suidperl -> $(SEC_SUID);
/usr/bin/crontab -> $(SEC_SUID);
/usr/sbin/sendmail -> $(SEC_SUID);
/usr/bin/man -> $(SEC_SUID);
/usr/bin/sperl5.00503 -> $(SEC_SUID);
/usr/bin/slocate -> $(SEC_SUID);
/usr/sbin/utempter -> $(SEC_SUID);
/sbin/netreport -> $(SEC_SUID);
}
(emailto = admin@openarch.com, rulename = "Configuration Files")
{
/etc/hosts
-> $(SEC_CONFIG);
/etc/inetd.conf
-> $(SEC_CONFIG);
/etc/initlog.conf
-> $(SEC_CONFIG);
/etc/inittab
-> $(SEC_CONFIG);
/etc/resolv.conf
-> $(SEC_CONFIG);
/etc/syslog.conf
-> $(SEC_CONFIG);
}
(emailto = admin@openarch.com, rulename = "Security Control")
{
/etc/group
-> $(SEC_CRIT);
/etc/security/
-> $(SEC_CRIT);
/lib/security/
-> $(SEC_CRIT);
/var/spool/cron
-> $(SEC_CRIT);