|SECURITY(8)||System Manager's Manual||SECURITY(8)|
securityis a command script that examines the system for some signs of security weaknesses. It is only a security aid and does not offer complete protection.
securityis run by daily(8), which mails any output to root on a daily basis.
security script carries out the
following list of simple checks:
securityalso provides hooks for administrators to create their own lists. These lists should be kept in /etc/mtree/ and filenames must have the suffix “.secure”. The following example shows how to create such a list, to protect the programs in /bin:
# mtree -cx -p /bin -K sha256digest,type > /etc/mtree/bin.secure # chown root:wheel /etc/mtree/bin.secure # chmod 600 /etc/mtree/bin.secure
Note: These checks do not provide complete protection against Trojan horse binaries, as the miscreant can modify the tree specification to match the replaced binary. For details on really protecting yourself against modified binaries, see mtree(8).
The intent of the
security script is to
point out some obvious holes to the system administrator.
securityshell script appeared in 4.3BSD-Reno, but most functionality only came with 4.4BSD. David Leonard for OpenBSD 2.9. Andrew Fresh <firstname.lastname@example.org> and Ingo Schwarze <email@example.com> rewrote
securityfrom scratch in perl(1) for OpenBSD 5.0.
There are perhaps an infinite number of ways the system can be compromised without this script noticing.
|July 13, 2017||OpenBSD-current|