home *** CD-ROM | disk | FTP | other *** search
| File List | 1992-03-10 | 1.6 KB | 78 lines |
- # This lists any/all sensitive files the administration wants to ensure
- # non-read/writability of. Comments are lines starting with a "#".
- #
- # USE FULL PATHNAMES!
- #
- # Lines are of the format:
- #
- # /path/to/{dir|file} World/Group Read/Write/Both
- #
- # as above {w|g} {r|w|b}
- #
- / w w
- /etc w w
- /usr w w
- /bin w w
- /dev w w
- /usr/bin w w
- /usr/etc w w
- /usr/adm w w
- /usr/lib w w
- /usr/include w w
- /usr/spool w w
- /usr/spool/mail w w
- /usr/spool/news w w
- /usr/spool/uucp w w
- /usr/spool/at w w
- /usr/local w w
- /usr/local/bin w w
- /usr/local/lib w w
- /usr/users w w
- /Mail w w
-
- # some Un*x's put shadowpass stuff here:
- /etc/security w r
-
- # /.login /.profile /.cshrc /.rhosts
- /.* w w
-
- # I think everything in /etc should be !world-writable, as a rule; but
- # if you're selecting individual files, do at *least* these:
- # /etc/passwd /etc/group /etc/inittab /etc/rc /etc/rc.local /etc/rc.boot
- # /etc/hosts.equiv /etc/profile /etc/syslog.conf /etc/export /etc/utmp
- # /etc/wtmp
- /etc/* w w
-
- /bin/* w w
- /usr/bin/* w w
- /usr/etc/* w w
- /usr/adm/* w w
- /usr/lib/* w w
- /usr/include/* w w
- /usr/local/lib/* w w
- /usr/local/bin/* w w
- /usr/etc/yp* w w
- /usr/etc/yp/* w w
-
- # individual files:
- /usr/lib/crontab w b
- /usr/lib/aliases w w
- /usr/lib/sendmail w w
- /usr/spool/uucp/L.sys g b
-
- # NEVER want these writeable/readable!
- /dev/kmem w b
- /dev/mem w b
-
- # Optional List of assorted files that shouldn't be
- # write/readable (mix 'n match; add to the list as desired):
- /usr/adm/sulog w r
- /.netrc w b
- # HP-UX and others:
- /etc/btmp w b
- /etc/securetty w b
- # Sun-fun
- /dev/drum w b
- /dev/nit w b
- /etc/sunlink/dni/rc w w
-
