Lf_script_perm
Posted: 17 May 2010, 10:54
Hi
This option is great; however, I believe it should be tweaked slightly to enable it to be used more readily in a production environment:
# If this option is enabled, the directory identified by LF_SCRIPT_ALERT will
# be chmod 0 and chattr +i to prevent it being accessed. Set the option to 1
# to enable.
#
# WARNING: This option could cause serious system problems if the identified
# directory is within the OS directory hierarchy. For this reason we do not
# recommend enabling it unless absolutely necessary.
LF_SCRIPT_PERM = "0"
On most servers it is unusual for system directories to be used to send out spam from scripts (not unheard of, but unusual). To this effect, having the option to set the root directories where this option works would enable people to set it just for /home/.
This would cover off, in our case, 99.999% of scripts used to generate spam without having to possibly impact system directories. Other users may want to be able to set other directories, so this option should probably have the ability to set multiple directory structures where you do want this enabled.
i.e.
LF_SCRIPT_PERM_BLOCK="/home,/home2,/usr/local"
Ideally we would still be warned of problems not contained within these directories.
Mike
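The directory restriction proposed in the post above, as an added example that is not part of the original post and is not csf/lfd code: LF_SCRIPT_PERM_BLOCK is the poster's suggested option name, not an existing csf.conf setting, and the function names are hypothetical. It decides whether a reported directory may be locked or should only raise an alert, and goes beyond the post by never locking a configured root itself and by rejecting paths with `.` or `..` components.

```shell
#!/bin/sh
# Added example, not csf/lfd code. LF_SCRIPT_PERM_BLOCK is the option proposed
# in the post (hypothetical, not a real csf.conf setting); value is from the post.
LF_SCRIPT_PERM_BLOCK="/home,/home2,/usr/local"

# normalise_dir PATH: print PATH without duplicate or trailing slashes.
# Fails for relative paths and for "." / ".." components, so a reported
# directory such as /home/../etc cannot pass the prefix test below.
# Purely textual: symlinks are not resolved here (assumption: caller does that).
normalise_dir() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1/" in */./*|*/../*) return 1 ;; esac
    p=$(printf '%s' "$1" | tr -s '/')
    [ "$p" = "/" ] || p=${p%/}
    printf '%s\n' "$p"
}

# perm_block_allowed DIR: succeed only if DIR lies strictly below a listed root.
# The root itself never matches, so /home as a whole is never locked, and
# /homework does not match the root /home.
perm_block_allowed() {
    dir=$(normalise_dir "$1") || return 1
    verdict=1
    old_ifs=$IFS; IFS=','
    set -f                                  # no globbing while splitting the list
    for root in $LF_SCRIPT_PERM_BLOCK; do
        root=$(normalise_dir "$root") || continue   # skip empty/invalid entries
        [ "$root" = "/" ] && continue               # "/" would cover the whole OS
        case "$dir" in "$root"/*) verdict=0 ;; esac
    done
    set +f; IFS=$old_ifs
    return "$verdict"
}

# script_perm_action DIR: "lock" (chmod 0 + chattr +i may be applied) or
# "alert-only" (still report the directory, as the post asks, but leave it alone).
script_perm_action() {
    if perm_block_allowed "$1"; then echo "lock"; else echo "alert-only"; fi
}

# Constructed sample directories.
for d in /home/user/public_html/cache /home /homework/x /home/../etc /usr/lib; do
    printf '%-32s %s\n' "$d" "$(script_perm_action "$d")"
done
```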