Copyright (c) 1996 Matthew R. Green
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
.Dd August 25, 1998 .Dt SECURITY.CONF 5 .Os .Sh NAME .Nm security.conf .Nd daily security check configuration file .Sh DESCRIPTION The .Nm file specifies which of the standard
a /etc/security services are performed. The
a /etc/security script is run, by default, every night from
a /etc/daily , on a .Nx system, if configured do to so from
a /etc/daily.conf .
p The variables described below can be set to "NO" to disable the test: l -tag -width check_network t Sy check_passwd This checks the
a /etc/master.passwd file for inconsistancies. t Sy check_group This checks the
a /etc/group file for inconsistancies. t Sy check_rootdotfiles This checks the root users startup files for sane settings of $PATH and umask. This test is not fail safe and any warning generated from this should be checked for correctness. t Sy check_ftpusers This checks that the correct users are in the
a /etc/ftpusers file. t Sy check_aliases This checks for security problems in the
a /etc/mail/aliases file. For backward compatibility,
a /etc/aliases will be checked as well if exists. t Sy check_rhosts This checks for system and user rhosts files with "+" in them. t Sy check_homes This checks that home directories are owned by the correct user. t Sy check_varmail This checks that the correct user owns mail in
a /var/mail , and that the mail box has the right permissions. t Sy check_nfs This checks that the
a /etc/exports file does not export filesystems to the world. t Sy check_devices This checks for changes to devices and setuid files. t Sy check_mtree This runs .Xr mtree 8 to ensure that the system is installed correctly. t Sy check_disklabels Backup text copies of the disklabels of available disk drives into
a /var/backups/disklabel.XXX , and display any differences in those and the previous copies as per .Sy check_changelist below. t Sy check_changelist This updates the list of files in
a /etc/changelist and their backups in
a /var/backups/file.current and
a /var/backups/file.backup , and displays any differences found. t Sy run_skeyaudit The .Xr skeyaudit 1 program checks the S/Key database and informs users of S/Keys that are about to expire. .El
p The variables described below can be set to modify the tests: l -tag -width check_network t Sy max_loginlen If .Sy check_passwd is enabled, this determines the maximum permitted length of login names. .El
p .Sh FILES l -tag -width /etc/security.local -compact t Pa /etc/security daily security check script t Pa /etc/security.conf daily security check configuration t Pa /etc/security.local local site additions to
a /etc/security .El .Sh SEE ALSO .Xr daily.conf 5 .Sh HISTORY The .Nm file appeared in .Nx 1.3 . The .Sy check_disklabels functionality was added in .Nx 1.4 .
Indexes created Thu Oct 23 22:10:10 GMT 2025