OpenBSD manual page server

Manual Page Search Parameters

SECURITY(8) System Manager's Manual SECURITY(8)

securityperiodic system security check

security is a command script that examines the system for some signs of security weaknesses. It is only a security aid and does not offer complete protection. security is run by daily(8), which mails any output to root on a daily basis.

The security script carries out the following list of simple checks:

The intent of the security script is to point out some obvious holes to the system administrator.

The following variables can be set in /etc/daily.local:

A whitespace-separated list of absolute paths to be skipped in setuid/setgid file checks and in device special file checks. Avoid trailing slashes.

/etc/changelist
 
/etc/daily
 
/etc/mtree
 
/usr/libexec/security
 
/var/backups
 

changelist(5), daily(8), mtree(8)

A security shell script appeared in 4.3BSD-Reno, but most functionality only came with 4.4BSD.

The present manual was written by David Leonard for OpenBSD 2.9. Andrew Fresh <afresh1@openbsd.org> and Ingo Schwarze <schwarze@openbsd.org> rewrote security from scratch in perl(1) for OpenBSD 5.0.

The name of this script may provide a false sense of security.

There are perhaps an infinite number of ways the system can be compromised without this script noticing.

July 13, 2017 OpenBSD-current