Recent Changes - Search:

Softwares

.

Linux-Environment-Security

Main.Linux-Environment-Security History

Hide minor edits - Show changes to output

December 14, 2012, at 08:55 PM by 15.219.201.68 -
Changed line 5 from:
Linux Environment Security
to:
!!Linux Environment Security
Changed line 8 from:
LES is intended as a facility to quickly & easily secure RedHat/RPM based environments (i.e: turbo linux, open linux). It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.
to:
'''LES is intended as a facility to quickly & easily secure RedHat/RPM based environments''' (i.e: turbo linux, open linux). It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.
December 14, 2012, at 10:38 AM by 115.242.216.32 -
Changed lines 8-14 from:
LES is intended as a facility to quickly & easily secure RedHat/RPM
based environments (i.e: turbo linux, open linux). It does such by enforcing
root-only permissions on system binaries (binaries that have no place being
executed by normal users), enforcing root-only path traversal on system paths,
enforcing immutable bit on essential rpm package contents (i.e: coreutils), and
enforcing immutable bit on shell profile scripts.
to:
LES is intended as a facility to quickly & easily secure RedHat/RPM based environments (i.e: turbo linux, open linux). It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.
Changed lines 284-301 from:
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora-autorelabel-mark.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora
-autorelabel.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora
-configure.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora
-loadmodules.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/ctrl
-alt-del.target
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora
-autorelabel-mark.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-autorelabel.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-configure.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-import-state.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-loadmodules.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-readonly.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-storage-init-late.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-storage-init.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-wait-storage.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-import-state.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-readonly.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-storage-init-late.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-storage-init.service
to:
---
---
---
Deleted lines 319-329:
Dec 14 20:59:51 fedora les(7093): {glob} sec.profile enabled
group deva does not exist, --secure-devel disabled. else
Dec 14 20:59:51 fedora les(7093): {sec.deva} chmod 750 /usr/bin/wget
Dec 14 20:59:51 fedora les(7093): {sec.deva} chown root:deva /usr/bin/wget
chown: invalid group: `root:deva'
Dec 14 20:59:51 fedora les(7093): {sec.deva} chmod 750 /usr/bin/cc
Dec 14 20:59:51 fedora les(7093): {sec.deva} chown root:deva /usr/bin/cc
chown: invalid group: `root:deva'
Dec 14 20:59:51 fedora les(7093): {sec.deva} chmod 750 /usr/bin/gcc
Dec 14 20:59:51 fedora les(7093): {sec.deva} chown root:deva /usr/bin/gcc
chown: invalid group: `root:deva'
December 14, 2012, at 10:36 AM by 115.242.216.32 -
Added lines 8-14:
LES is intended as a facility to quickly & easily secure RedHat/RPM
based environments (i.e: turbo linux, open linux). It does such by enforcing
root-only permissions on system binaries (binaries that have no place being
executed by normal users), enforcing root-only path traversal on system paths,
enforcing immutable bit on essential rpm package contents (i.e: coreutils), and
enforcing immutable bit on shell profile scripts.
Changed lines 46-52 from:
LES is intended as a facility to quickly & easily secure RedHat/RPM
based environments (i.e: turbo linux, open linux). It does such by enforcing
root-only permissions on system binaries (binaries that have no place being
executed by normal users), enforcing root-only path traversal on system paths,
enforcing immutable bit on essential rpm package contents (i.e: coreutils), and
enforcing immutable bit on shell profile scripts.
to:
Changed lines 263-264 from:
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libbfd-2.22.52.0.1-10.fc17.so
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libopcodes-2.22.52.0.1-10.fc17.so
to:
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libbfd-
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libopcodes-
Changed lines 266-267 from:
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libbfd-2.22.52.0.1-10.fc17.so
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libopcodes-2.22.52.0.1-10.fc17.so
to:
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libbfd-
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libopcodes-
December 14, 2012, at 10:35 AM by 115.242.216.32 -
Added lines 1-355:
(:Google1:)
(:Googletxt:)
----

Linux Environment Security
----

[@

wget http://www.rfxn.com/downloads/les-current.tar.gz

fedora@fedora ~> wget http://www.rfxn.com/downloads/les-current.tar.gz
--2012-12-14 20:55:26-- http://www.rfxn.com/downloads/les-current.tar.gz
Resolving www.rfxn.com... 129.121.132.46
Connecting to www.rfxn.com|129.121.132.46|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11021 (11K) [application/x-gzip]
Saving to: `les-current.tar.gz'

100%[================>] 11,021 --.-K/s in 0.02s

2012-12-14 20:55:29 (431 KB/s) - `les-current.tar.gz' saved [11021/11021]

fedora@fedora ~> tar -xvzf les-current.tar.gz
les-0.2/
les-0.2/README
les-0.2/install.sh
les-0.2/files/
les-0.2/files/conf.les
les-0.2/files/opt.dat
les-0.2/files/les
les-0.2/files/functions.les
les-0.2/files/disable.les.rpmpkg
les-0.2/CHANGELOG
les-0.2/COPYING.GPL
fedora@fedora ~>


LES is intended as a facility to quickly & easily secure RedHat/RPM
based environments (i.e: turbo linux, open linux). It does such by enforcing
root-only permissions on system binaries (binaries that have no place being
executed by normal users), enforcing root-only path traversal on system paths,
enforcing immutable bit on essential rpm package contents (i.e: coreutils), and
enforcing immutable bit on shell profile scripts.

The combined usage of all LES options provides an increased level of local
environment security, in the hopes to stem off environment based attacks. Such
attacks would consist of back-dooring system binaries; tainting the $PATH
variable to point to alien paths where back-doored binaries are located;
alterations to user profile scripts to activate key loggers or process based
hi-jacking; traversal exploration of the system paths etc...; the possible
attack trends are endless hence the importance of hardening the local
environment space.

It is recommended to use this script in conjunction with Linux capability
restrictions and disable the CAP_LINUX_IMMUTABLE privilege to further enhance
the security to your environment.




fedora@fedora ~/les-0.2> ls
CHANGELOG COPYING.GPL files install.sh README
fedora@fedora ~/les-0.2> sudo ./install.sh
.: LES installed
Install path: /usr/local/les
Config path: /usr/local/les/conf.les
Executable path: /usr/local/sbin/les
fedora@fedora ~/les-0.2>




fedora@fedora /usr/local/les> ./les
LES version 0.2 <se@r-fx.org>
Copyright (C) 2004, R-fx Networks
2004, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

usage: ./les [option] [off/on;0/1]
-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root
fedora@fedora /usr/local/les>




fedora@fedora /usr/local/les> ./les
LES version 0.2 <se@r-fx.org>
Copyright (C) 2004, R-fx Networks
2004, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

usage: ./les [option] [off/on;0/1]
-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root




fedora@fedora /usr/local/les> sudo ./les -ea
LES version 0.2 <se@r-fx.org>
Copyright (C) 2004, R-fx Networks
2004, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

Dec 14 20:59:36 fedora les(7093): {sec.bin} chmod 700 /bin/dmesg
Dec 14 20:59:36 fedora les(7093): {sec.bin} chmod 700 /bin/mount
Dec 14 20:59:36 fedora les(7093): {sec.bin} chmod 700 /bin/rpm
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/write
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/talk
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/ipcrm
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/ipcs
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/free
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/locate
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/wall
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/finger
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /sbin/arp
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /sbin/ifconfig
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/sbin/repquota
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/sbin/tcpdump
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/nmap
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/wget
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/cc
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/gcc
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/who
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/w
Dec 14 20:59:37 fedora les(7093): {sec.bin} chmod 700 /usr/bin/nc
Dec 14 20:59:37 fedora les(7093): {glob} sec.bin enabled
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /home
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /etc
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /var
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /usr/etc
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /usr/local/etc
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /var/log
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /sbin
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /usr/sbin
Dec 14 20:59:37 fedora les(7093): {sec.path} chmod 711 /usr/local/sbin
Dec 14 20:59:38 fedora les(7093): {glob} sec.path enabled
Dec 14 20:59:38 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/cmp
Dec 14 20:59:38 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/diff
Dec 14 20:59:38 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/diff3
Dec 14 20:59:38 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/sdiff
Dec 14 20:59:39 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/find
Dec 14 20:59:39 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/oldfind
Dec 14 20:59:39 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/xargs
Dec 14 20:59:39 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-addr2line
Dec 14 20:59:39 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-ar
Dec 14 20:59:39 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-elfcmp
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-elflint
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-findtextrel
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-make-debug-archive
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-nm
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-objdump
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-ranlib
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-readelf
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-size
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-strings
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-strip
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-unstrip
Dec 14 20:59:40 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-ranlib
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-addr2line
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-ar
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-elfcmp
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-elflint
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-findtextrel
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-make-debug-archive
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-nm
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-objdump
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-ranlib
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-readelf
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-size
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-strings
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-strip
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-unstrip
Dec 14 20:59:41 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/eu-ranlib
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/epsffit
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/getafm
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/psbook
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/psnup
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/psresize
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/psselect
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/pstops
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/showchar
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /etc/trusted-key.key
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/dig
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/host
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/nslookup
Dec 14 20:59:42 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/nsupdate
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/irkbd
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/irpsion5
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/dongle_attach
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/findchip
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/irattach
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/irdadump
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/irdaping
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/irnetd
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/irda.service
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ping
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ping6
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/tracepath
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/tracepath6
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/arping
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/clockdiff
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/ifenslave
Dec 14 20:59:43 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/ping6
Dec 14 20:59:44 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/rdisc
Dec 14 20:59:44 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/tracepath
Dec 14 20:59:44 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/tracepath6
Dec 14 20:59:44 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/systemd/system/rdisc.service
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/chage
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/gpasswd
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/lastlog
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/newgrp
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/sg
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/adduser
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/chpasswd
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/groupadd
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/groupdel
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/groupmems
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/groupmod
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/grpck
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/grpconv
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/grpunconv
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/newusers
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/pwck
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/pwconv
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/pwunconv
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/useradd
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/userdel
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/usermod
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/vigr
Dec 14 20:59:45 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/vipw
Dec 14 20:59:46 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/addr2line
Dec 14 20:59:46 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ar
Dec 14 20:59:46 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/as
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/c++filt
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/elfedit
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/gprof
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ld
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ld.bfd
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ld.gold
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/nm
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/objcopy
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/objdump
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ranlib
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/readelf
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/size
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/strings
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/strip
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libbfd-2.22.52.0.1-10.fc17.so
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libopcodes-2.22.52.0.1-10.fc17.so
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/bin/ranlib
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libbfd-2.22.52.0.1-10.fc17.so
Dec 14 20:59:47 fedora les(7093): {sec.rpmpkg} chattr +i /usr/lib/libopcodes-2.22.52.0.1-10.fc17.so
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /bin/ipcalc
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /bin/usleep
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/consoletype
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/fstab-decode
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/genhostid
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/getkey
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/ifdown
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/ifup
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/netreport
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/ppp-watch
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/service
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/setsysfont
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /sbin/sushell
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/sys-unconfig
Dec 14 20:59:48 fedora les(7093): {sec.rpmpkg} chattr +i /usr/sbin/usernetctl
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/fedora-autorelabel
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/fedora-configure
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/fedora-import-state
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/fedora-loadmodules
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/fedora-readonly
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/fedora-storage-init
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora-autorelabel-mark.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora-autorelabel.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora-configure.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/basic.target.wants/fedora-loadmodules.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/ctrl-alt-del.target
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-autorelabel-mark.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-autorelabel.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-configure.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-import-state.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-loadmodules.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-readonly.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-storage-init-late.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-storage-init.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/fedora-wait-storage.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-import-state.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-readonly.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-storage-init-late.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/systemd/system/local-fs.target.wants/fedora-storage-init.service
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/udev/rename_device
Dec 14 20:59:49 fedora les(7093): {sec.rpmpkg} chattr +i /lib/udev/rules.d/60-net.rules
Dec 14 20:59:50 fedora les(7093): {glob} sec.rpmpkg enabled
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /etc/profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /etc/profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /etc/bashrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /etc/bashrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /etc/csh.login
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /etc/csh.login
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /etc/csh.cshrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /etc/csh.cshrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /home/fedora/.bash_profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /home/fedora/.bash_profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /home/fedora/.bashrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /home/fedora/.bashrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /home/fedora/.bash_logout
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /home/fedora/.bash_logout
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /home/fedora/.bash_profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /home/fedora/.bash_profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /home/fedora/.bashrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /home/fedora/.bashrc
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /home/fedora/.bash_logout
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /home/fedora/.bash_logout
Dec 14 20:59:50 fedora les(7093): {sec.profile} chmod 644 /root/.bash_profile
Dec 14 20:59:50 fedora les(7093): {sec.profile} chattr +i /root/.bash_profile
Dec 14 20:59:51 fedora les(7093): {sec.profile} chmod 644 /root/.bashrc
Dec 14 20:59:51 fedora les(7093): {sec.profile} chattr +i /root/.bashrc
Dec 14 20:59:51 fedora les(7093): {sec.profile} chmod 644 /root/.bash_logout
Dec 14 20:59:51 fedora les(7093): {sec.profile} chattr +i /root/.bash_logout
Dec 14 20:59:51 fedora les(7093): {sec.profile} chmod 644 /root/.cshrc
Dec 14 20:59:51 fedora les(7093): {sec.profile} chattr +i /root/.cshrc
Dec 14 20:59:51 fedora les(7093): {sec.profile} chmod 644 /root/.tcshrc
Dec 14 20:59:51 fedora les(7093): {sec.profile} chattr +i /root/.tcshrc
Dec 14 20:59:51 fedora les(7093): {glob} sec.profile enabled
group deva does not exist, --secure-devel disabled. else
Dec 14 20:59:51 fedora les(7093): {sec.deva} chmod 750 /usr/bin/wget
Dec 14 20:59:51 fedora les(7093): {sec.deva} chown root:deva /usr/bin/wget
chown: invalid group: `root:deva'
Dec 14 20:59:51 fedora les(7093): {sec.deva} chmod 750 /usr/bin/cc
Dec 14 20:59:51 fedora les(7093): {sec.deva} chown root:deva /usr/bin/cc
chown: invalid group: `root:deva'
Dec 14 20:59:51 fedora les(7093): {sec.deva} chmod 750 /usr/bin/gcc
Dec 14 20:59:51 fedora les(7093): {sec.deva} chown root:deva /usr/bin/gcc
chown: invalid group: `root:deva'
Dec 14 20:59:51 fedora les(7093): {glob} sec.deva enabled
fedora@fedora /usr/local/les>
@]

----
(:Googlemm:)
Edit - History - Print - Recent Changes - Search
Page last modified on December 14, 2012, at 08:55 PM