From e2cb9b7f53c40e3db8767bd0eb855384d51b3320 Mon Sep 17 00:00:00 2001 From: Florin Grad Date: Wed, 7 Nov 2001 15:11:45 +0000 Subject: new entry --- conf/perm.3 | 5 ----- conf/perm.4 | 5 ----- conf/perm.5 | 5 ----- conf/perm.snf | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 15 deletions(-) create mode 100644 conf/perm.snf diff --git a/conf/perm.3 b/conf/perm.3 index 5fe91f7..52322e2 100644 --- a/conf/perm.3 +++ b/conf/perm.3 @@ -65,8 +65,3 @@ /var/log/security/* root.root 600 /var/spool/mail/ root.mail 2775 /var/tmp root.root 1777 -/var/lib/monitoring httpd-naat.admin 2770 -/var/lib/naat root.admin 2770 -/var/log/httpd-naat httpd-naat.admin 750 -/var/www-naat httpd-naat.admin 750 -/var/log/snort snort.snort 750 diff --git a/conf/perm.4 b/conf/perm.4 index 848054b..38123b3 100644 --- a/conf/perm.4 +++ b/conf/perm.4 @@ -65,8 +65,3 @@ /var/log/security/* root.root 600 /var/spool/mail/ root.mail 771 /var/tmp root.root 1777 -/var/lib/monitoring httpd-naat.admin 2770 -/var/lib/naat root.admin 2770 -/var/log/httpd-naat httpd-naat.admin 750 -/var/www-naat httpd-naat.admin 750 -/var/log/snort snort.snort 750 diff --git a/conf/perm.5 b/conf/perm.5 index 1f16fca..e6abf1d 100644 --- a/conf/perm.5 +++ b/conf/perm.5 @@ -76,8 +76,3 @@ /var/log/security/* root.root 600 /var/spool/mail/ root.mail 771 /var/tmp root.root 1777 -/var/lib/monitoring httpd-naat.admin 2770 -/var/lib/naat root.admin 2770 -/var/log/httpd-naat httpd-naat.admin 750 -/var/www-naat httpd-naat.admin 750 -/var/log/snort snort.snort 750 diff --git a/conf/perm.snf b/conf/perm.snf new file mode 100644 index 0000000..848054b --- /dev/null +++ b/conf/perm.snf @@ -0,0 +1,72 @@ +# Welcome in Level 4, aka secure & usable. +### +/bin/ root.root 711 +/boot/ root.root 700 +/dev/ root.root 711 +/dev/audio* root.audio 600 +/dev/dsp* root.audio 600 +/etc/ root.adm 711 +/etc/conf.modules root.adm 640 +/etc/cron.daily/ root.adm 750 +/etc/cron.hourly/ root.adm 750 +/etc/cron.monthly/ root.adm 750 +/etc/cron.weekly/ root.adm 750 +/etc/crontab root.adm 640 +/etc/dhcpcd/ root.adm 750 +/etc/dhcpcd/* root.adm 640 +/etc/esd.conf root.audio 640 +/etc/ftpaccess root.adm 640 +/etc/ftpconversions root.adm 640 +/etc/ftpgroups root.adm 640 +/etc/ftphosts root.adm 640 +/etc/ftpusers root.adm 640 +/etc/gettydefs root.adm 640 +/etc/hosts.allow root.adm 640 +/etc/hosts.deny root.adm 640 +/etc/hosts.equiv root.adm 640 +/etc/inetd.conf root.adm 640 +/etc/rc.d/init.d/ root.adm 750 +/etc/rc.d/init.d/syslog root.adm 740 +/etc/inittab root.adm 640 +/etc/ld.so.conf root.adm 640 +/etc/lilo.conf root.adm 600 +/etc/modules.conf root.adm 640 +/etc/motd root.adm 644 +/etc/printcap root.lp 640 +/etc/profile.d/* root.root 755 +/etc/rc.d/ root.adm 640 +/etc/securetty root.root 640 +/etc/sendmail.cf root.adm 640 +/etc/shutdown.allow root.root 600 +/etc/ssh_config root.root 644 +/etc/ssh_host_key root.adm 640 +/etc/ssh_host_key.pub root.adm 644 +/etc/sshd_config root.adm 640 +/etc/syslog.conf root.adm 640 +/etc/updatedb.conf root.adm 640 +/home/ root.adm 751 +/home/* current 700 +/lib/ root.adm 751 +/mnt/ root.adm 750 +/root/ root.root 700 +/sbin/ root.adm 751 +/tmp/ root.root 1777 +/usr/ root.adm 751 +/usr/* root.adm 751 +/usr/X11R6/ root.xgrp 751 +/usr/bin/ root.adm 751 +/usr/sbin/ root.adm 751 +/var/ root.root 755 +/var/log/ root.root 711 +/var/log/* root.root 600 +/var/log/squidGuard squid.squid 751 +/var/log/squid squid.squid 751 +/var/log/security/ root.root 700 +/var/log/security/* root.root 600 +/var/spool/mail/ root.mail 771 +/var/tmp root.root 1777 +/var/lib/monitoring httpd-naat.admin 2770 +/var/lib/naat root.admin 2770 +/var/log/httpd-naat httpd-naat.admin 750 +/var/www-naat httpd-naat.admin 750 +/var/log/snort snort.snort 750 -- cgit v1.2.1