e-mail to root

[Kurt Buff]

On Dec 19, 2007 6:54 PM, jekillen <jekillen at prodigy.net> wrote:
> Hello:
> Is there a manual or other publication that deals specifically with
> reading e-mail messages to root for FreeBSD?  I have gotten a
> message:
>
> setuid diffs:
> --- /var/log/setuid.today       Sat Sep  8 03:01:34 2007
> +++ /tmp/security.9Jz0CWds      Wed Dec 19 03:01:38 2007
>
> followed by references to various programs
>
> then the next segment:
> Checking for a current audit database:
>
> Downloading fresh database.
> auditfile.tbz                                           46 kB   42 kBps
> New database installed.
> Database created: Wed Dec 19 14:40:00 PST 2007
>
> Checking for packages with security vulnerabilities:
>
> followed by numerous references to programs and
> files on the FreeBSD site.
>
> and I do not know quite what this means.

It means that you have portaudit installed, and it's run as part of
the daily scripts. That's a good thing.

I'd recommend consulting the portaudit man page

What it's found are packages on your machine that have security
bulletins against them - that is, the packages named have
vulnerabilities known to the FreeBSD Security team, which they believe
should be patched. There's a link to the bulletin for each one - I
think you'll find it enlightening to read some or all of them.

I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
to get a current ports tree, then assess, very carefully, what you
want to upgrade. IMHO all of the packages mentioned should probably
get upgraded, unless you have *exceptional* reasons not to.

To upgrade you can do 'portupgrade <packagename>' for each package
named, or if you're feeling bold, 'portupgrade -aRr'.

> I know that setuid is cause
> for concern. I have three other machines with FreeBSD, with one
> going back over a year of virtually continuous 24/7 operation and
> this is the first time I have seen this type of message. For the
> programs
> reported with security problems it begs the question of dependencies
> if they are removed or updated. Some references are to cups and
> fetchmail
> neither of which I use or have use for, that I am aware of.

Portupgrade will take care of dependencies. No worries, though you
should also peruse the man page for portupgrade to get your knowledge
up.

> This
> particular
> machine is primarily a web server. It does have Postfix running but just
> uses local delivery and only listens on private network interface.
> I am also a little dubious about posting any specifics to a public
> mailing
> list.
> I am admittedly a novice at this (on all my own systems so no one
> else's behind is on the line). Short of paying consultation fees to
> someone, this is about the only live contact I have on the subject.
> Thanks in advance for info:

We were all novices - I still am, in far too many ways. Don't sweat
it, and keep asking questions. Also, start reading the FreeBSD
Handbook - it's online, and also downloadable, and covers this very
topic.

Kurt