Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

checksecurity(8) [linux man page]

CHECKSECURITY(8)					      System Manager's Manual						  CHECKSECURITY(8)

NAME

       checksecurity - Run a collection of simple system checks

SYNOPSIS

       checksecurity

DESCRIPTION

       The checksecurity command runs a small collection of simple system checks which are designed to catch a few common security issues.  check-
       security is run by cron in a daily basis.

CONFIGURATION

       The checksecurity.conf file defines several configuration variables: MAILTO, CHECK_DISKFREE, CHECK_PASSWD and CHECK_SETUID LOGDIR.  Each is
       described below.

       The  checksecurity program works with a collection of plugins which are located in /usr/share/checksecurity and are configured individually
       by their own configuration file.

       CHECK_PASSWD If this is set to TRUE then the check-passwd script will be invoked.  This script is designed to report upon  system  accounts
       which  have  no passwords.  CHECK_DISKFREE If this is set to TRUE then the check-diskfree script will be invoked and will allow an alert to
       be sent if there is any mounted partition is running short on disk space.  CHECK_SETUID If this is set to TRUE then the check-setuid script
       will be invoked, this will compare the setuid binaries upon the system to those that existed previously and show the differences.

FILES

       /etc/checksecurity.conf
	      checksecurity configuration file

SEE-ALSO
       See also check-diskfree(8), check-setuid(8), and check-passwd(8)

Debian Linux							  2 February 1997						  CHECKSECURITY(8)

Check Out this Related Man Page

DAILY(5)						      BSD File Formats Manual							  DAILY(5)

NAME

     daily, daily.conf -- daily maintenance

DESCRIPTION

     The /etc/daily script is run, by default, every night on a NetBSD system.	The /etc/daily.conf file specifies which of the standard daily
     services are performed.

     The variables described below can be set to ``YES'' or ``NO'' in the /etc/daily.conf file.  Most default to ``YES'', but not all.	Check the
     /etc/defaults/daily.conf file if you are in doubt.  (Note that you should never edit /etc/defaults/daily.conf directly, as it is often
     replaced during system upgrades.)

     find_core			This runs find(1) over the entire local filesystem, looking for core files.

     run_msgs			This runs msgs(1) with the -c argument.

     expire_news		This runs the /etc/expire.news script.

     purge_accounting		This ages accounting files in /var/account.

     run_calendar		This runs calendar(1) with the -a argument.

     check_disks		This uses the df(1) and dump(8) to give disk status, and also reports failed raid(4) components.

     show_remote_fs		In check_disks, show remote file systems, which are not reported on by default.

     check_mailq		This runs mailq(1).

     check_network		This runs netstat(1) with the -i argument, and also checks the rwhod(8) database, and runs ruptime(1) if there are
				hosts in /var/rwho.

     full_netstat		By default, check_network outputs a summarized version of the netstat(1) report.  If a full version of the output
				run with the -inv options is desired, set this variable.

     run_fsck			This runs fsck(8) with the -n option.

     run_rdist			This runs rdist(1) with /etc/Distfile.

     run_security		This runs the /etc/security script looking for possible security problems with the system.

     run_skeyaudit		Runs the skeyaudit(1) program to check the S/Key database and informs users of S/Keys that are about to expire.

     run_makemandb		If the /etc/man.conf file exists, runs the makemandb(8) utility to update the man.db database for use by
				apropos(1).

     fetch_pkg_vulnerabilities	Refreshes the local database of package vulnerabilities.  See the settings in security.conf(5) for details on the
				actual package checks.

     The variables described below can be set to modify the tests:

     find_core_ignore_fstypes	Lists filesystem types to ignore during the find_core phase.  Prefixing the type with a '!' inverts the match.
				For example, 'procfs !local' will ignore 'procfs' type filesystems and filesystems that are not 'local'.

     find_core_ignore_paths	Lists paths to ignore during the find_core phase.  For example, '/export' will not descend into any directories
				under the '/export' hierarchy. This, on a file server, allows to skip user data while still scanning system files.

     run_fsck_flags		Extra options to be passed to fsck(8) if run_fsck is enabled.

     send_empty_security	If set, the report generated by the run_security phase will always be sent, even if it is empty.

     pkgdb_dir			DEPRECATED.  Please set PKGDB_DIR in pkg_install.conf(5) instead.

				If defined, points to the location of the packages database.  Defaults to /var/db/pkg.

FILES

     /etc/daily 	       daily maintenance script
     /etc/daily.conf	       daily maintenance configuration
     /etc/defaults/daily.conf  default settings, overridden by /etc/daily.conf
     /etc/daily.local	       local site additions to /etc/daily

SEE ALSO

     monthly(5), security.conf(5), weekly(5)

HISTORY

     The /etc/daily.conf file appeared in NetBSD 1.3.

BSD
								   July 30, 2012							       BSD
Man Page