{bb} No messages required... and security

[Ian Diddams <ian.diddams@vf.vodafone.co.uk>]

Due to 2nd party security  audit requirements, all our boxes' messages
files must now only be readable by root.

Currently, a user "bigbro" is the user that "runs"  bigbrother daemons
and scripts on all our boxes, and this means of course that it reports
the messages file as unreadable and I get a nice red blob!

The options would seem to be to either run bigbrother as root, or to
teak bigbroither's code and scripts (including maybe the html
processor?) to "drop" the mesages checking.

Firstly then, what's the security implications of running bigbro as
root?
Secondly, what would I have to do to disable message checking?

Or is there another, simpler solution?  (ie force permanent green
status?  ignore ?)


Seperately from the above, I'll soon be having discussions with LAN/WAN
about firewall access to "other" boxes on "the other side".  How does BB
actually check for smtp and ftp etc...  does the C code just open a tcp
port on the required port number?  And what are the security
implications (if any) of such a thing, and also of using port 1984
coming back the other way?  In essence you'll realise I'm looking for
justifications for these as otherwise all that is allowed through
firewalls here are ftp, telnetand http (port 80).

Cheers

Ian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.