OpenBSD manual page server

Manual Page Search Parameters

SECURITY(8) System Manager's Manual SECURITY(8)

securityperiodic system security check

/usr/libexec/security

security is a command script that examines the system for some signs of security weaknesses. It is only a security aid and does not offer complete protection. security is run by daily(8), which mails any output to root on a daily basis.

The security script carries out the following list of simple checks:

The intent of the security script is to point out some obvious holes to the system administrator.

The following variables can be set in /etc/daily.local:

A whitespace-separated list of absolute paths to be skipped in setuid/setgid file checks and in device special file checks. Avoid trailing slashes.

/etc/changelist
 
/etc/daily
 
/etc/mtree
 
/var/backups
 

changelist(5), daily(8), mtree(8)

A security shell script appeared in 4.3BSD-Reno, but most functionality only came with 4.4BSD.

The present manual was written by David Leonard for OpenBSD 2.9. Andrew Fresh and Ingo Schwarze rewrote security from scratch in perl(1) for OpenBSD 5.0.

The name of this script may provide a false sense of security.

There are perhaps an infinite number of ways the system can be compromised without this script noticing.

April 19, 2011 OpenBSD-5.1