summaryrefslogtreecommitdiff
path: root/share/man/man8/afterboot.8
diff options
context:
space:
mode:
authorLouis Bertrand <louis@cvs.openbsd.org>2000-03-04 17:41:37 +0000
committerLouis Bertrand <louis@cvs.openbsd.org>2000-03-04 17:41:37 +0000
commitab3379196f30d31f43905299cb7643a87d2aa0b6 (patch)
treebb6e27f7c36c3161e98c78ae3f4db8dcfe6afb98 /share/man/man8/afterboot.8
parent7f8c98e0221a2fd820b19fe2fbf7bdf83c038bd3 (diff)
Clearer note about the daily security report.
Diffstat (limited to 'share/man/man8/afterboot.8')
-rw-r--r--share/man/man8/afterboot.823
1 files changed, 19 insertions, 4 deletions
diff --git a/share/man/man8/afterboot.8 b/share/man/man8/afterboot.8
index 4aa5491ff4b..5b35cd06211 100644
--- a/share/man/man8/afterboot.8
+++ b/share/man/man8/afterboot.8
@@ -555,14 +555,28 @@ and change some of the lines to read:
30 3 * * 6 /bin/sh /etc/weekly 2>&1 > /var/log/weekly.out
30 5 1 * * /bin/sh /etc/monthly 2>&1 > /var/log/monthly.out
.Ed
+.Pp
See
.Xr crontab 5 .
.Ss Next day cleanup
After the first night's security run, change ownerships and permissions
-on things. The best bet is to have permissions as in the security list.
-(The first of the two listed permissions, and the first group number of
-the two).
-Use
+on files, directories, and devices; root should have received email
+with subject: "<hostname> daily insecurity output.". This email contains
+a set of security recommendations, presented as a list looking like this:
+.Bd -literal -offset indent
+var/mail:
+ permissions (0755, 0775)
+etc/daily:
+ user (0, 3)
+.Ed
+.Pp
+The best bet is to follow the advice in that list. The
+recommended setting is the first item in parentheses, while
+the current setting is the second one. This list is generated by
+.Xr mtree 8
+using
+.Ic /etc/mtree/special
+). Use
.Xr chmod 1 ,
.Xr chgrp 1 ,
and
@@ -745,6 +759,7 @@ time in the kernel image.
.Xr ext_srvtab 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
+.Xr mtree 8 ,
.Xr mount 8 ,
.Xr named 8 ,
.Xr rc 8 ,