e-mail to root

jekillen jekillen at prodigy.net
Thu Dec 20 16:18:57 PST 2007

On Dec 19, 2007, at 7:30 PM, Kurt Buff wrote:

> On Dec 19, 2007 6:54 PM, jekillen <jekillen at prodigy.net> wrote:
>> Hello:
>> Is there a manual or other publication that deals specifically with
>> reading e-mail messages to root for FreeBSD?  I have gotten a
>> message:
>> setuid diffs:
>> --- /var/log/setuid.today       Sat Sep  8 03:01:34 2007
>> +++ /tmp/security.9Jz0CWds      Wed Dec 19 03:01:38 2007
>> followed by references to various programs
>> then the next segment:
>> Checking for a current audit database:
>> Downloading fresh database.
>> auditfile.tbz                                           46 kB   42 kBps
>> New database installed.
>> Database created: Wed Dec 19 14:40:00 PST 2007
>> Checking for packages with security vulnerabilities:
>> followed by numerous references to programs and
>> files on the FreeBSD site.
>> and I do not know quite what this means.
> It means that you have portaudit installed, and it's run as part of
> the daily scripts. That's a good thing.
> I'd recommend consulting the portaudit man page.
> What it's found are packages on your machine that have security
> bulletins against them - that is, the packages named have
> vulnerabilities known to the FreeBSD Security team, which they believe
> should be patched. There's a link to the bulletin for each one - I
> think you'll find it enlightening to read some or all of them.
> I'd do a 'pkg_add -r portupgrade' to install that package, do a cvsup
> to get a current ports tree, then assess, very carefully, what you
> want to upgrade. IMHO all of the packages mentioned should probably
> get upgraded, unless you have *exceptional* reasons not to.
> To upgrade you can do 'portupgrade <packagename>' for each package
> named, or if you're feeling bold, 'portupgrade -aRr'.
>> I know that setuid is cause
>> for concern. I have three other machines with FreeBSD, with one
>> going back over a year of virtually continuous 24/7 operation and
>> this is the first time I have seen this type of message. For the
>> programs reported with security problems it begs the question of
>> dependencies if they are removed or updated. Some references are to
>> cups and fetchmail neither of which I use or have use for, that I am
>> aware of.
> Portupgrade will take care of dependencies. No worries, though you
> should also peruse the man page for portupgrade to get your knowledge
> up.
>> This particular machine is primarily a web server. It does have
>> Postfix running but just uses local delivery and only listens on
>> private network interface.
>> I am also a little dubious about posting any specifics to a public
>> mailing list.
>> I am admittedly a novice at this (on all my own systems so no one
>> else's behind is on the line). Short of paying consultation fees to
>> someone, this is about the only live contact I have on the subject.
>> Thanks in advance for info:
> We were all novices - I still am, in far too many ways. Don't sweat
> it, and keep asking questions. Also, start reading the FreeBSD
> Handbook - it's online, and also downloadable, and covers this very
> topic.
> Kurt

Thank you kindly for the info;
I have been reading the handbook. I have it installed as html on my
everyday work machine. Having a web server on localhost is great.
It does cover portupgrade, portsnap, ports and all that but it was just
the e-mails to root that had me confused. Does this also cover the
setuid question?
I also have the new Absolute FreeBSD, and the hard copy manual
obtained through FreeBSD Mall.  I had a problem with e-mail messages
to root some time ago that were showing up every 11 minutes. I looked
into crontab and found one script that was set to run every 11 minutes.
I opened the script file and read the author's e-mail address and sent
him an e-mail on the problem. He responded scolding me for putting
commands in rc.conf. Sure enough, though I did not have explicit
in it, I did have the syntax wrong. Who would have guessed that a script
dealing with entropy would complain because of problems with rc.conf?
That is an example of a question that might arise that could use some
specific coverage in documentation.
Jeff K

