[Mageia-discuss] erros after mageia1 install

Wed Dec 14 22:36:41 CET 2011

bascule wrote:
> On Tuesday 13 December 2011 07:25:27 Johnny A. Solbu wrote:
>> On Tuesday 13 December 2011 08:01, bascule wrote:
>> > firewall ->
>> >     Error: No firewall rules in IPv4 INPUT chain and policy is set to
>> > ACCEPT. firewall: ERROR
>> 
>> Instead of "ERROR", shouldn't this simply state that the Firewall is Off?
>> And why is that an Error? On some systems and circumstances, like a local
>> internal network (often behind NAT), a firewall is deliberately diaabled,
>> and is therefore not an Error.
> still struggling with these errors, after correcting some of the permisions 
> where the fix was stated the next msec check promptly contradicted itslef by 
> saying i should change them back, the following two system emails have just 
> been produced by msec:
> 1.
> ---------------
> WARNING: Enforcing group on /proc to adm
> WARNING: Enforcing permissions on /var/log/samba/cores/smbd to 600
> WARNING: Enforcing group on /etc/ssh/ssh_host_dsa_key to adm
> WARNING: Enforcing group on /etc/ssh/ssh_host_dsa_key.pub to adm
> WARNING: Enforcing group on /etc/ssh/ssh_host_key to adm
> WARNING: Enforcing group on /etc/ssh/sshd_config to adm
> WARNING: Enforcing permissions on /etc/ssh/sshd_config to 640
> WARNING: Enforcing permissions on /home/bascule to 751
> WARNING: Enforcing group on /etc/ssh/ssh_host_key.pub to adm
> WARNING: Enforcing permissions on /var/log/samba/cores/nmbd to 600
> WARNING: Enforcing group on /etc/ssh/ssh_host_rsa_key to adm
> WARNING: Enforcing group on /etc/ssh/ssh_host_rsa_key.pub to adm
> WARNING: Enforcing permissions on /var/log/dmesg to 640
> WARNING: Enforcing permissions on /var/log/messages to 640
> WARNING: Enforcing permissions on /var/log/lastlog to 640
> WARNING: Enforcing permissions on /var/log/rpmpkgs to 640
> --------------
> 2.
> -----------------
> openssh ->
>     Warning: Wrong permissions on regular file "/etc/ssh/sshd_config": 640 (sshd 
> configuration file, required permissions are 600)
>     Error: Missing file or directory: "/var/empty/sshd" (directory used by sshd 
> during privilege separation in the pre-authentication phase)
>     Warning: Wrong owner/group on regular file: "/etc/ssh/ssh_host_dsa_key" 
> (sshd private key - from configuration file, required owner/group is root:root)
>     Warning: Wrong owner/group on regular file: "/etc/ssh/ssh_host_dsa_key.pub" 
> (sshd public key - from configuration file, required owner/group is root:root)
>     Warning: Wrong owner/group on regular file: "/etc/ssh/ssh_host_key" (sshd 
> private key - from configuration file, required owner/group is root:root)
>     Warning: Wrong owner/group on regular file: "/etc/ssh/ssh_host_key.pub" 
> (sshd public key - from configuration file, required owner/group is root:root)
>     Warning: Wrong owner/group on regular file: "/etc/ssh/ssh_host_rsa_key" 
> (sshd private key - from configuration file, required owner/group is root:root)
>     Warning: Wrong owner/group on regular file: "/etc/ssh/ssh_host_rsa_key.pub" 
> (sshd public key - from configuration file, required owner/group is root:root)
>     openssh: ERROR
> 
> ogfiles ->
>     Error: File /var/log/lastlog has wrong permssions! The correct permissions 
> are 644.
>     Error: File /var/log/messages has wrong permssions! The correct 
> permissions are 600.
>     logfiles: ERROR
> -------------
> as you can see the contents of 1 contradict the contents of 2 but both are 
> produced by the msec cron jobs that run about 4am, i must be alone in this 
> error since i can't imagine it being widespread and not reported before, 
> therefore my install must be unique somehow and the only candidate in my mind 
> is my not formatting /var when i did the install, only surely that's not 
> uncommon?
> 
> bascule

The first set of messages you printed comes from msec.  The second comes from sectool.  Basically, 
you can ignore the messages from sectool.  Unfortunately one of the updates to msec added sectool 
as a requires or suggests, but sectool is not well integrated with msec or Mageia.  There are bugs 
about this in the bugzilla.  The last comments on the bug were that dropping sectool is probably 
the best option, but this has not happened yet.