Daily MSEC security warnings

[Neo]

Hi All,
I have recently been getting MSEC "security warning" messages popping up in the bottom right hand corner of my desktop.  Always two at a time.
I have no idea why this would be happening.
I have not made any changes to my system other than to keep it updated via Synaptic.

I don't even know what MSEC is.

I searched but I haven't seen anyone else post with the same problem recently (most of the threads are from 2010 or 2011).

Any help that you may provide will be greatly appreciated.

[ternor]

The same thing happened to me.  I forget which update caused it.  Go to the PCL Control Centre, the security section and deselect the setting in msec.

[Phil]

MSEC puzzled me. Paid attention and made some changes as recommended. One item still puzzles me though.

http://wiki.mandriva.com/en/Msec

To run it and change settings in terminal msecgui

To read the output as root in a terminal:

# cat /var/mail/root | less

Once I have read and ruminated on what is says:

# cat /dev/null > /var/mail/root


This puzzles me, assume it is ok:

Total of users whose home directories have unsafe permissions : 1

Security Warning: these home directory should not be owned by someone else or writable :
user=uuidd(493) : home directory is group writable.

uuidd:x:493:489:system user for util-linux-ng:/var/lib/libuuid:/bin/false

[Georgetoon]

Noticed thsi message just today.  thanks for clarifying. I think I'l jut keep it in place for now.  Seems to be doing some good, I would guess.  I just need to understand the messages and find where I can read them once more.  they don't stay on screen for too long.

[7272andy]

You should find them in /var/log/msec.log
you need to open the file as root.

Regards

[ternor]

On my system, msec also seems to write to a file called 'dead.letter' in the root (/) folder.

[T6]

msec creates deadletter?

this forum definitively answers alot of questions!

[YouCanToo]

On my system, msec also seems to write to a file called 'dead.letter' in the root (/) folder.

I do not believe that it is msec that is actually doing that. It is usually created by
/bin/mail or other program that composes email (MUA?) when
the user aborts the composition. I suspect that it is the actual system mail program that is writing the dead.letter file and it is being triggered by the msec program.

[djohnston]

On my system, msec also seems to write to a file called 'dead.letter' in the root (/) folder.

I do not believe that it is msec that is actually doing that. It is usually created by
/bin/mail or other program that composes email (MUA?) when
the user aborts the composition. I suspect that it is the actual system mail program that is writing the dead.letter file and it is being triggered by the msec program.

I'm not sure, but I believe this behavior began with a recent update. If msec has no valid email address to send the output to, it is added to the /dead.letter file. You can set your msec preferences in a gui by running /usr/sbin/msecgui as root.



Enter an email address in the System administrator email address box and the reports will be emailed to you. You can also turn the email function off, as well as the on screen display. You can even disable the MSEC security checks. I don't believe it would be wise to disable the checks. There are quite a few options available by clicking the tabs. Be careful what you change.

[ternor]

You can also set msec preferences in PCLinuxOS Control Centre.  I don't know what happens to the emails addressed to 'root'.  I've never seen one, unless, as you say, they are added to the dead letter file.

[Georgetoon]

On my system, msec also seems to write to a file called 'dead.letter' in the root (/) folder.

Thank you.

[Tony]

djohnston:

Enter an email address in the System administrator email address box and the reports will be emailed to you. You can also turn the email function off, as well as the on screen display. You can even disable the MSEC security checks. I don't believe it would be wise to disable the checks. There are quite a few options available by clicking the tabs. Be careful what you change.

I'm experiencing the same MSEC check, because 'Enable MSEC tool' is selected.
A message pops up out of the Notifications area on right hand of the panel. Two of them, a few seconds apart, daily.
I'd like to know what it says,... are you saying djohnston that I have to put in an Email address to get a full log message ? I don't have the Email option checked.
Is there not a log created somewhere ?

I just leave all that Security section alone, as I wouldn't know what it means, I'd just be guessing.

As someone mentioned earlier I just access this area through the PCLinuxOS Control Centre.

It is kind of annoying, but interesting to know what the notification says, if that could be explained ?
Thanks  

EDIT:
Just reread and saw 7272andy said to:

You should find them in /var/log/msec.log
you need to open the file as root.

Shall check ...

[djohnston]

EDIT:
Just reread and saw 7272andy said to:

You should find them in /var/log/msec.log
you need to open the file as root.

Shall check ...

It writes to a few different logs. In addition, check:

/var/log/security/mail.today
/var/log/user.log

[Tony]

It writes to a few different logs. In addition, check:

/var/log/security/mail.today
/var/log/user.log

Thanks djohnston