diff options
| author | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
|---|---|---|
| committer | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
| commit | 1be510f9529cb082f802408b472a77d074b394c0 (patch) | |
| tree | b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/2011-September/008337.html | |
| parent | fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff) | |
| download | archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip | |
Diffstat (limited to 'zarb-ml/mageia-dev/2011-September/008337.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-September/008337.html | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-September/008337.html b/zarb-ml/mageia-dev/2011-September/008337.html new file mode 100644 index 000000000..8a917fa61 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-September/008337.html @@ -0,0 +1,191 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7C4BBF.6050901%40arcor.de%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008334.html"> + <LINK REL="Next" HREF="008331.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1> + <B>Florian Hubold</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7C4BBF.6050901%40arcor.de%3E" + TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">doktor5000 at arcor.de + </A><BR> + <I>Fri Sep 23 11:05:03 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="008334.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008331.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8337">[ date ]</a> + <a href="thread.html#8337">[ thread ]</a> + <a href="subject.html#8337">[ subject ]</a> + <a href="author.html#8337">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Am 23.09.2011 10:47, schrieb Florian Hubold: +><i> Am 22.09.2011 23:11, schrieb andre999: +</I>>><i> Florian Hubold a écrit : +</I>>>><i> Am 22.09.2011 00:09, schrieb Luc Menut: +</I>>>>><i> Le 21/09/2011 20:35, Florian Hubold a écrit : +</I>>>>>><i> Hello, +</I>>>>>><i> +</I>>>>>><i> during validation of validation of msec/sectool update candidates, +</I>>>>>><i> a problem showed up: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=1621">https://bugs.mageia.org/show_bug.cgi?id=1621</A> +</I>>>>><i> ... +</I>>>>>><i> But if we want security reports to be sent to local users if they +</I>>>>>><i> specify so, how to proceed further? +</I>>>>><i> +</I>>>>><i> msec can work very well without sending these reports by email; all +</I>>>>><i> the security's reports are available in /var/log/security, and msec +</I>>>>><i> notifies the user about this at each time it runs, so sendmail is +</I>>>>><i> absolutely not mandatory. +</I>>>>><i> So I think that msec shouldn't have a Requires on sendmail-command, +</I>>>>><i> eventually it can be a Suggest. +</I>>>>><i> +</I>>>>><i> But perhaps we could/should change the configuration of msec to not +</I>>>>><i> send email by default, by adding MAIL_WARN=no in +</I>>>>><i> /etc/security/msec/security.conf. +</I>>>>><i> +</I>>>><i> So, to summarize, there happen to be multiple solutions here: +</I>>>><i> +</I>>>><i> 1. do NOT require an MTA, let users manually read reports from +</I>>>><i> /var/log/security +</I>>>><i> maybe even remove nail from msec Requires as it is currently +</I>>>><i> non-functional. +</I>>><i> +</I>>><i> Reading from /var/log/security is not especially user-friendly, and will be +</I>>><i> ignored by less savy users. +</I>><i> Less savvy users might also not want to read security reports, also it would +</I>><i> mean they +</I>><i> can't interpret them properly or fix the cause of reported problems, no? +</I>>><i> +</I>>>><i> Also Luc's proposal cited above could be realized. +</I>>><i> +</I>>><i> see below. +</I>>><i> +</I>>>><i> 2. do require sendmail-command, which will pose a problem to users +</I>>>><i> installing from the CLI, because they are presented with a choice: +</I>>>><i> +</I>>>><i> One of the following packages is required: +</I>>>><i> 1 dma +</I>>>><i> 2 ssmtp +</I>>>><i> 3 postfix +</I>>>><i> 4 sendmail +</I>>>><i> 5 msmtp +</I>>>><i> Please make a selection: +</I>>>><i> +</I>>>><i> Additionally this will force an MTA onto every default installation and +</I>>>><i> every +</I>>>><i> installation that currently has msec installed. +</I>>><i> +</I>>><i> Solution 3 avoids the complication of choosing, with virtually no disadvantage. +</I>>><i> +</I>>>><i> 3. do require dma, which is a rather minimal MTA, and delivers without +</I>>>><i> configuration +</I>>>><i> Please see <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c36">https://bugs.mageia.org/show_bug.cgi?id=2255#c36</A> for details. +</I>>>><i> This would also allow coexistence with an already-installed MTA, IIUC. +</I>>><i> +</I>>><i> (dragonfly mail agent) +</I>>><i> If this works, I'd say that it is the best solution, since it is very +</I>>><i> compact (64k), and virtually every system will have the DNS it requires +</I>>><i> installed. +</I>>><i> (Unless of course they don't have Internet or network access. In which case +</I>>><i> msec would not be particularly important.) +</I>>><i> Note that it is only at version 0.2 (or 0.3 upstream), so we should test it +</I>>><i> carefully. +</I>>><i> +</I>>>><i> 4. Try to fix nail, which is required by msec and so in every default +</I>>>><i> installation, +</I>>>><i> so that it is able to deliver mail by itself, without sendmail. +</I>>><i> +</I>>><i> Solution #3 seems much better in every respect. +</I>>><i> +</I>>>><i> Please give your votes. +</I>>><i> +</I>>><i> Solution 3, with changes/verifications noted below. +</I>>><i> Since it is much simpler for the end-user to always have the capability to +</I>>><i> send security alerts if an email address is entered, without installing +</I>>><i> anything extra. +</I>>><i> +</I>>><i> There are 2 options at the bottom of the first security page of msec, which +</I>>><i> should already realise Luc's proposals. They may have to be fixed. +</I>>><i> +</I>>><i> a) An option to send a security alert by email, where one enters the email +</I>>><i> address. By default it is checked. +</I>>><i> However, if no valid format email address is entered, an email should _not_ +</I>>><i> be sent. +</I>>><i> As well, we should display something similar to +</I>>><i> "(Enter {userid}@localhost for a local user.)", +</I>>><i> to help ensure that the user enters a valid local address. +</I>>><i> (Note that there are multi-line descriptions for all the other options above +</I>>><i> on the same page, so this would fit nicely.) +</I>>><i> +</I>>><i> b) An option to display security alerts on the desktop. Again, checked by +</I>>><i> default. They should probably remain visible until the user dismisses them. +</I>>><i> (They currently display for a few seconds, then disappear.) +</I>Correction: If you mean a notification popup which tells you that the report +can be looked +up at /path/to/report is already in place, aus Eugeni told already. +>><i> +</I>>><i> My 2 cents :) +</I>>><i> +</I>><i> Feel free to send patches for a) and b). +</I>><i> +</I> +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008334.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008331.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8337">[ date ]</a> + <a href="thread.html#8337">[ thread ]</a> + <a href="subject.html#8337">[ subject ]</a> + <a href="author.html#8337">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |