summaryrefslogtreecommitdiff
path: root/share/man/man8/afterboot.8
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man8/afterboot.8')
-rw-r--r--share/man/man8/afterboot.823
1 files changed, 19 insertions, 4 deletions
diff --git a/share/man/man8/afterboot.8 b/share/man/man8/afterboot.8
index 4aa5491ff4b..5b35cd06211 100644
--- a/share/man/man8/afterboot.8
+++ b/share/man/man8/afterboot.8
@@ -555,14 +555,28 @@ and change some of the lines to read:
30 3 * * 6 /bin/sh /etc/weekly 2>&1 > /var/log/weekly.out
30 5 1 * * /bin/sh /etc/monthly 2>&1 > /var/log/monthly.out
.Ed
+.Pp
See
.Xr crontab 5 .
.Ss Next day cleanup
After the first night's security run, change ownerships and permissions
-on things. The best bet is to have permissions as in the security list.
-(The first of the two listed permissions, and the first group number of
-the two).
-Use
+on files, directories, and devices; root should have received email
+with subject: "<hostname> daily insecurity output.". This email contains
+a set of security recommendations, presented as a list looking like this:
+.Bd -literal -offset indent
+var/mail:
+ permissions (0755, 0775)
+etc/daily:
+ user (0, 3)
+.Ed
+.Pp
+The best bet is to follow the advice in that list. The
+recommended setting is the first item in parentheses, while
+the current setting is the second one. This list is generated by
+.Xr mtree 8
+using
+.Ic /etc/mtree/special
+). Use
.Xr chmod 1 ,
.Xr chgrp 1 ,
and
@@ -745,6 +759,7 @@ time in the kernel image.
.Xr ext_srvtab 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
+.Xr mtree 8 ,
.Xr mount 8 ,
.Xr named 8 ,
.Xr rc 8 ,