|SECURITY(8)||System Manager's Manual||SECURITY(8)|
periodic system security check
security is a command script that examines
the system for some signs of security weaknesses. It is only a security aid
and does not offer complete protection.
run by daily(8), which mails any output to
root on a daily basis.
security script carries out the
following list of simple checks:
securityalso provides hooks for administrators to create their own lists. These lists should be kept in /etc/mtree/ and filenames must have the suffix “.secure”. The following example shows how to create such a list, to protect the programs in /bin:
# mtree -cx -p /bin -K sha256digest,type > /etc/mtree/bin.secure # chown root:wheel /etc/mtree/bin.secure # chmod 600 /etc/mtree/bin.secure
Note: These checks do not provide complete protection against Trojan horse binaries, as the miscreant can modify the tree specification to match the replaced binary. For details on really protecting yourself against modified binaries, see mtree(8).
The intent of the
security script is to
point out some obvious holes to the system administrator.
The following variables can be set in /etc/daily.local:
security shell script appeared in
4.3BSD-Reno, but most functionality only came with
The present manual was written by David
Leonard for OpenBSD 2.9.
and Ingo Schwarze
security from scratch in
perl(1) for OpenBSD
The name of this script may provide a false sense of
There are perhaps an infinite number of ways the system can be compromised without this script noticing.
|July 13, 2017||OpenBSD-current|