From a727ae52a016e561e4157af69f410f9416d89558 Mon Sep 17 00:00:00 2001
From: ajacoutot
Date: Sun, 20 Apr 2014 22:15:49 +0000
Subject: [PATCH] check_hosts_equiv -> check_hosts_lpd i.e. don't check for hosts.equiv anymore. input/ok schwarze@, ok sthen@
---
 libexec/security/security | 26 +++++++++++--------------
 share/man/man8/security.8 | 8 +++-----
 2 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/libexec/security/security b/libexec/security/security
index ac0cb4f9aec..47a979ad2f6 100644
--- a/libexec/security/security
+++ b/libexec/security/security
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -T
-# $OpenBSD: security,v 1.24 2014/03/23 22:08:15 sthen Exp $
+# $OpenBSD: security,v 1.25 2014/04/20 22:15:49 ajacoutot Exp $
 #
 # Copyright (c) 2011, 2012 Ingo Schwarze
 # Copyright (c) 2011 Andrew Fresh
@@ -308,19 +308,15 @@ sub check_hostname_if {
 }
 }
-# Files that should not have + signs.
-sub check_hosts_equiv {
- foreach my $base (qw(hosts.equiv shosts.equiv hosts.lpd)) {
- my $filename = "/etc/$base";
- next unless -s $filename;
- nag !(open my $fh, '<', $filename),
- "open: $filename: $!"
- and next;
- nag /^\+/ && !/^\+@/,
- "Plus sign in $filename file."
- while <$fh>;
- close $fh;
- }
+# hosts.lpd should not have + signs.
+sub check_hosts_lpd {
+ my $filename = '/etc/hosts.lpd';
+ -s $filename or return;
+ nag !(open my $fh, '<', $filename), "open: $filename: $!" and return;
+ nag /^\+/ && !/^\+@/,
+ "Plus sign in $filename file."
+ while <$fh>;
+ close $fh;
 }
 sub find_homes {
@@ -887,7 +883,7 @@ open STDERR, '>&', $olderr;
 $check_title = "Checking configuration files:";
 check_mail_aliases;
 check_hostname_if;
-check_hosts_equiv;
+check_hosts_lpd;
 $check_title = "Checking for special users with .rhosts/.shosts files.";
 my $homes = find_homes;
 check_rhosts_owner @$_ foreach @$homes;
diff --git a/share/man/man8/security.8 b/share/man/man8/security.8
index 8b7e2351255..fba329d7299 100644
--- a/share/man/man8/security.8
+++ b/share/man/man8/security.8
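Review bot: The comment on the new check_hosts_lpd says hosts.lpd "should not have + signs", yet the test `/^\+/ && !/^\+@/` deliberately lets `+@` lines through, and neither the reason for the warning nor the exemption is written down. I would expand the comment to something like `# A line starting with "+" is presumably a match-any-host entry (hosts.equiv syntax); "+@netgroup" lines are accepted.` so that a later reader does not tighten or drop the exemption by accident. The message also carries no line number, so several offending lines yield the same text; if the report format allows it, `"Plus sign in $filename file, line $."` would point the administrator at the entry to remove. The test is anchored at column 0, so it is worth confirming that the consumer of hosts.lpd does not skip leading whitespace before a `+`.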
@@ -1,8 +1,8 @@
-.\" $OpenBSD: security.8,v 1.22 2014/03/23 22:08:59 sthen Exp $
+.\" $OpenBSD: security.8,v 1.23 2014/04/20 22:15:49 ajacoutot Exp $
 .\"
 .\" David Leonard, 2001. Public Domain.
 .\"
-.Dd $Mdocdate: March 23 2014 $
+.Dd $Mdocdate: April 20 2014 $
 .Dt SECURITY 8
 .Os
 .Sh NAME
@@ -40,9 +40,7 @@ dotfiles.
 Check for suspicious commands in
 .Pa /etc/mail/aliases .
 .It
-Check for insecurities in various trust files such as
-.Pa /etc/hosts.equiv , /etc/shosts.equiv ,
-and
+Check for insecurities in
 .Pa /etc/hosts.lpd .
 .It
 Check user
--
2.20.1