Good Day!
New guy here and first post... hope no rules broken.

Installed Linux (Mandrake 9) with paranoid security.
Good stuff but sometimes anoying...
One of the features resets ownership of all files within /var/log to root with permissions "600" read write by owner only.
This appears to be done via cron using "msec".

Does anyone know how to bypass this feature for a given subdirectory?
I searched for config files but could not find an include/exclude list on anything that looke like it. The responsible code appears written in Python and I'm unfamiliar with it.

I'd also be interested in finding decent documentation on this subject.

Later...

Rayb

msec is really nice, but it can be maddening at times(stupid promiscuous mode checks filling the log every minute, arrrg!).

The files are in /usr/share/msec (or was it /usr/share/lib/msec?). I can't remember the exact file that holds the file permission settings, but it's in there. Try # cd /usr/share/msec ; grep "/var/log" *

By the way, /var/log really shouldn't be readable by anyone other than root. Use sudo to view logs as a non-root user.

raybcher, this is some stuff I saved from when I had msec installed
hope its not out of date...

Customizing msec With Overrides
To override any of these defaults, you will need to create the file /etc/security/msec/level.local with your overrides.
To have a better idea of the different commands you can use in the level.local file, read the mseclib manpage (man mseclib). It describes all of the functions you can set in the file and what each function is for.

Thanks

I specially like the override functionality instead of modifying the package source.

I'll have to check my MANPATH...

Take care.