From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier <boklm@mageia.org> Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-September/008326.html | 189 ++++++++++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-September/008326.html (limited to 'zarb-ml/mageia-dev/2011-September/008326.html') diff --git a/zarb-ml/mageia-dev/2011-September/008326.html b/zarb-ml/mageia-dev/2011-September/008326.html new file mode 100644 index 000000000..d7072bcfe --- /dev/null +++ b/zarb-ml/mageia-dev/2011-September/008326.html @@ -0,0 +1,189 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7BA477.9050406%40laposte.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008336.html"> + <LINK REL="Next" HREF="008334.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1> + <B>andre999</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7BA477.9050406%40laposte.net%3E" + TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">andre999.mga at laposte.net + </A><BR> + <I>Thu Sep 22 23:11:19 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="008336.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008334.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8326">[ date ]</a> + <a href="thread.html#8326">[ thread ]</a> + <a href="subject.html#8326">[ subject ]</a> + <a href="author.html#8326">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Florian Hubold a écrit : +><i> Am 22.09.2011 00:09, schrieb Luc Menut: +</I>>><i> Le 21/09/2011 20:35, Florian Hubold a écrit : +</I>>>><i> Hello, +</I>>>><i> +</I>>>><i> during validation of validation of msec/sectool update candidates, +</I>>>><i> a problem showed up: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=1621">https://bugs.mageia.org/show_bug.cgi?id=1621</A> +</I>>><i> ... +</I>>>><i> But if we want security reports to be sent to local users if they +</I>>>><i> specify so, how to proceed further? +</I>>><i> +</I>>><i> msec can work very well without sending these reports by email; all +</I>>><i> the security's reports are available in /var/log/security, and msec +</I>>><i> notifies the user about this at each time it runs, so sendmail is +</I>>><i> absolutely not mandatory. +</I>>><i> So I think that msec shouldn't have a Requires on sendmail-command, +</I>>><i> eventually it can be a Suggest. +</I>>><i> +</I>>><i> But perhaps we could/should change the configuration of msec to not +</I>>><i> send email by default, by adding MAIL_WARN=no in +</I>>><i> /etc/security/msec/security.conf. +</I>>><i> +</I>><i> So, to summarize, there happen to be multiple solutions here: +</I>><i> +</I>><i> 1. do NOT require an MTA, let users manually read reports from +</I>><i> /var/log/security +</I>><i> maybe even remove nail from msec Requires as it is currently +</I>><i> non-functional. +</I> +Reading from /var/log/security is not especially user-friendly, and will be +ignored by less savy users. + +><i> Also Luc's proposal cited above could be realized. +</I> +see below. + +><i> 2. do require sendmail-command, which will pose a problem to users +</I>><i> installing from the CLI, because they are presented with a choice: +</I>><i> +</I>><i> One of the following packages is required: +</I>><i> 1 dma +</I>><i> 2 ssmtp +</I>><i> 3 postfix +</I>><i> 4 sendmail +</I>><i> 5 msmtp +</I>><i> Please make a selection: +</I>><i> +</I>><i> Additionally this will force an MTA onto every default installation and +</I>><i> every +</I>><i> installation that currently has msec installed. +</I> +Solution 3 avoids the complication of choosing, with virtually no disadvantage. + +><i> 3. do require dma, which is a rather minimal MTA, and delivers without +</I>><i> configuration +</I>><i> Please see <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c36">https://bugs.mageia.org/show_bug.cgi?id=2255#c36</A> for details. +</I>><i> This would also allow coexistence with an already-installed MTA, IIUC. +</I> +(dragonfly mail agent) +If this works, I'd say that it is the best solution, since it is very compact +(64k), and virtually every system will have the DNS it requires installed. +(Unless of course they don't have Internet or network access. In which case +msec would not be particularly important.) +Note that it is only at version 0.2 (or 0.3 upstream), so we should test it +carefully. + +><i> 4. Try to fix nail, which is required by msec and so in every default +</I>><i> installation, +</I>><i> so that it is able to deliver mail by itself, without sendmail. +</I> +Solution #3 seems much better in every respect. + +><i> Please give your votes. +</I> +Solution 3, with changes/verifications noted below. +Since it is much simpler for the end-user to always have the capability to send +security alerts if an email address is entered, without installing anything extra. + +There are 2 options at the bottom of the first security page of msec, which +should already realise Luc's proposals. They may have to be fixed. + +a) An option to send a security alert by email, where one enters the email +address. By default it is checked. +However, if no valid format email address is entered, an email should _not_ be +sent. +As well, we should display something similar to +"(Enter {userid}@localhost for a local user.)", + to help ensure that the user enters a valid local address. +(Note that there are multi-line descriptions for all the other options above on +the same page, so this would fit nicely.) + +b) An option to display security alerts on the desktop. Again, checked by +default. They should probably remain visible until the user dismisses them. +(They currently display for a few seconds, then disappear.) + +My 2 cents :) + +-- +André +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008336.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008334.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8326">[ date ]</a> + <a href="thread.html#8326">[ thread ]</a> + <a href="subject.html#8326">[ subject ]</a> + <a href="author.html#8326">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> -- cgit v1.2.1