On Tue, Dec 28, 2010 at 01:51:19PM +0900, Joel Rees wrote:
quoted text
> Just want to check on whether the situation with my sort-of new
> install of 4.8 is normal, and if my guess as to how to approach it is
> correct.
> 
> I didn't have time last night to go through and tweak everything I
> know to tweak, and just let it run overnight anyway.
> 
> So the first daily insecurities is over a megabyte of text. 

Yes, that's to be expected.

quoted text
> Can I mostly scan through [suid and device repots] and just let it go
> if I don't see anything obvious? (Not that I'm confident I'd know what
> I'm looking for, ...) I suppose, if I were ambitious, I could remove
> all the devices I know this old iBook will never have, but that's not
> even recommended general practice, is it?
> 
> The bulk of the mail is a lot (40 or more?) of diffs with /dev/null
> for stuff that I don't have in /etc and /var. 
> 
> Wasted about three hours this morning working on a program to split
> all the diffs out into files before it occured to me that almost
> everything in here is here because it isn't there, and then I looked
> in /var/backups and found the examples.

/etc/security (which is run from /etc/daily) is useful, but very
simple-minded. In particular, if you install or upgrade, it will spew
lots of noise. I recommend skimming it quickly, it's almost never a good
use of your time to read it closely. (/etc/security *is* quite useful in
case of a compromise, or if you messed with a configuration file and
forgot that you did so, etc.)

Don't cripple your system by removing default configuration files, it'll
only end in tears. And you'll have to re-do it after each upgrade
anyway. In general, don't "tweak" unless you *know* why you need/want
to.

quoted text
> Also, I'm wondering whether it would be more useful to send in the
> dmesg before or after I get /etc cleaned up. Or maybe you have enough
> iBook G4 12 inch dmesg-es for 4.8? Nothing special, really.

AFAIK, dmesgs are always appreciated.

		Joachim

-- 
PotD: devel/ruby-ffi-inliner - embed C code in your ruby script
http://www.joachimschipper.nl/