:: [DNG] [Devuan 3] [Chmod] [Lynis] Bo…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Se7en
Fecha:  
A: Devuan DNG
Asunto: [DNG] [Devuan 3] [Chmod] [Lynis] Bonked default permissions
I had run Lynis, a system-hardening auditor. At its suggestion, I
changed numerous permissions system-wide. I have also changed conf
files that alter book-time permissions. The following problems have
occured:

1) Upon reboot, my /dev/snd is in a state that makes ALSA fail to
recognize the audio devices. My user is in audio. The only way to make
ALSA recognize the /dev/snd devices is to add setguid, which resets
upon boot

2) My /var/lib is bonked. I am unable to run clamscan because clamscan
can not access the bytecode files. Again, I can fix it with chmod
which changes on the reboot.

I am unsure if there are other issues. I have not yet come accross
them. I changed my umask back to default, thoug my understanding on
umask is that it only affects the /home directory. My fault is not
logging what Lynis told me to do, and what I did in response. I did
not realize that hardening my system permissions would cause this.

I previously entered the IRC under an anonymous nick to fix more
problems caused not as a result of this, but as a result of attempting
to fix this. Those problems have been fixed. More-or-less my system is
now in a state as it was after the initial-run of Lynis.

Some output:

[03:09 se7en@lappy ~] > ls -ld /dev/snd
drwxr-x--- 3 root root 260 Jan 29 02:26 /dev/snd
[03:12 se7en@lappy ~] > ls -ld /dev/snd/*
ls: cannot a=ccess '/dev/snd/*': Permission denied

[03:12 root@lappy se7en] > ls -ld /dev/snd/*
# NOTE: Changing /dev/snd/by-path to audio:audo is enough to fix the
# ALSA problem but it resets on reboot
drwxr-xr-x 2 root root       60 Jan 29 02:26 /dev/snd/by-path
crw-rw---- 1 root audio 116,  9 Jan 29 02:26 /dev/snd/controlC1
crw-rw---- 1 root audio 116,  7 Jan 29 02:26 /dev/snd/hwC1D0
crw-rw---- 1 root audio 116,  8 Jan 29 02:26 /dev/snd/hwC1D3
crw-rw---- 1 root audio 116,  3 Jan 29 02:26 /dev/snd/pcmC1D0c
crw-rw---- 1 root audio 116,  2 Jan 29 02:26 /dev/snd/pcmC1D0p
crw-rw---- 1 root audio 116,  4 Jan 29 02:26 /dev/snd/pcmC1D3p
crw-rw---- 1 root audio 116,  5 Jan 29 02:26 /dev/snd/pcmC1D7p
crw-rw---- 1 root audio 116,  6 Jan 29 02:26 /dev/snd/pcmC1D8p
crw-rw---- 1 root audio 116,  1 Jan 29 02:26 /dev/snd/seq
crw-rw---- 1 root audio 116, 33 Jan 29 02:26 /dev/snd/timer


[03:13 se7en@lappy ~] > ls -ld /var/lib
drwxr-xr-x 72 root root 4.0K Jan 24 02:47 /var/lib
[03:14 se7en@lappy ~] > ls -ld /var/lib/* | grep clamav
drwxr-xr-x 2 clamav        clamav        4.0K Jan 29 02:27 /var/lib/clamav
drwxr-xr-x 4 root          root          4.0K Feb  3  2019 /var/lib/clamav-unofficial-sigs
[03:14 se7en@lappy ~] > ls -ld /var/lib/clamav/*
-rw-r--r-- 1 clamav clamav 283K Jan 24 00:12 /var/lib/clamav/blurl.ndb
-rw-r--r-- 1 clamav clamav 3.4K Oct 27  2019 /var/lib/clamav/bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav 104K Apr  3  2019 /var/lib/clamav/bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav  610 Oct 26  2019 /var/lib/clamav/bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav 9.5K Oct 27  2019 /var/lib/clamav/bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav 1.4M Sep 19  2019 /var/lib/clamav/bytecode.cld
-rw-r--r-- 1 clamav clamav   82 Jul 13  2016 /var/lib/clamav/crdfam.clamav.hdb
-rw-r--r-- 1 clamav clamav 323M Jan 27 05:10 /var/lib/clamav/daily.cld
-rw-r--r-- 1 clamav clamav   65 Jul 26  2013 /var/lib/clamav/doppelstern.hdb
-rw-r--r-- 1 clamav clamav 7.2M Jan 18 08:09 /var/lib/clamav/junk.ndb
-rw-r--r-- 1 clamav clamav 184K Jan 23 19:12 /var/lib/clamav/jurlbl.ndb
-rw-r--r-- 1 clamav clamav 294M Nov 25  2019 /var/lib/clamav/main.cld
-rw-r--r-- 1 clamav clamav  256 Feb 10  2020 /var/lib/clamav/mirrors.dat
-rw-r--r-- 1 clamav clamav 4.0M Jan 19 08:11 /var/lib/clamav/phish.ndb
-rw-r--r-- 1 clamav clamav 1.4M Jan 24 00:00 /var/lib/clamav/phishtank.ndb
-rw-r--r-- 1 clamav clamav 620K Jan 24 00:00 /var/lib/clamav/porcupine.ndb
-rw-r--r-- 1 clamav clamav  41K Jan 22 01:11 /var/lib/clamav/rogue.hdb
-rw-r--r-- 1 clamav clamav  11K Oct 18  2016 /var/lib/clamav/sanesecurity.ftm
-rw-r--r-- 1 clamav clamav 1.9M Jan 19 12:09 /var/lib/clamav/scam.ndb
-rw-r--r-- 1 clamav clamav  285 Jan  4 05:08 /var/lib/clamav/sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav 1.4K Apr 28  2017 /var/lib/clamav/spamattach.hdb
-rw-r--r-- 1 clamav clamav  19K Nov  6 01:12 /var/lib/clamav/spamimg.hdb
-rw-r--r-- 1 root   root     49 Dec 13 00:54 /var/lib/clamav/whitelist-files.txt
-rw-r--r-- 1 clamav clamav  15K Jul 16  2018 /var/lib/clamav/winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav   66 Mar  5  2018 /var/lib/clamav/winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav  16K Mar  5  2018 /var/lib/clamav/winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav  18K Mar  5  2018 /var/lib/clamav/winnow_malware.hdb
-rw-r--r-- 1 clamav clamav  15K Nov 26  2019 /var/lib/clamav/winnow_malware_links.ndb


[03:14 se7en@lappy ~] > alsamixer
cannot open mixer: Permission denied
[03:14 se7en@lappy ~] > aplay -l
aplay: device_list:272: no soundcards found...
[03:13 root@lappy se7en] > alsamixer
cannot open mixer: No such file or directory
[03:15 root@lappy se7en] > aplay -l
**** List of PLAYBACK Hardware Devices ****
card 1: PCH [HDA Intel PCH], device 0: ALC269VC Analog [ALC269VC Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: PCH [HDA Intel PCH], device 3: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: PCH [HDA Intel PCH], device 7: HDMI 1 [HDMI 1]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: PCH [HDA Intel PCH], device 8: HDMI 2 [HDMI 2]
Subdevices: 1/1
Subdevice #0: subdevice #0



-- 
|-----/                   | Se7en
     /  The One and Only! | se7en@???
    /                     | 0x0F83F93882CF6116
   /                      | https://se7en-site.neocities.org