wiki:FedoraCompatibilityIssues
Last modified 6 years ago Last modified on 07/07/08 13:36:34

Fedora compatibility issues

Here is a list of errors and warnings you get while running sectool with some packages from Fedora. We need to fix them by coordinating with our packagers, so be patient. We hope they disappear soon.

Default F9 installation

should be clean nowdays, it contains only this warning and it probably fixed in rawhide

	Warning(08)   Symbolic link "/usr/bin/platex" points to a non-existent file "ptex".

F9 with 7900 packages

This was run on a Fedora 9 with 7900 packages installed (about 80% of all the Fedora repository, takes about 37GB) - only tests with errors or warnings are mentioned..

Summary: 12 errors, 14 warnings

Test Name: firewall                                         Test Result: WARNING
	Warning(01)   Policy for IPv4 INPUT chain is set to ACCEPT and the chain doesn't contain REJECT rule which should be the last in chains with this policy.
	Warning(14)   IPv4 forwarding is ENABLED.
Test Name: vsftpd                                             Test Result: ERROR
	Error(04)     File '/etc/vsftpd.user_list' does not exist ! (userlist_file option)
	Error(04)     File '/var/log/xferlog' does not exist ! (xferlog_file option)
	Warning(07)   Selinux is preventing to access user home directories.
Test Name: aliases                                          Test Result: WARNING
	Warning(01)   Alias 'cb' contains command 'cdb', which was not found
	Warning(01)   Alias 'cv' contains command 'cdb', which was not found

the cb and cv aliases are from package cdargs. cdb is a function defined in /etc/profile.d/cdargs.sh So I have to test if the alias is a function (by declare -f | which --read-functions), too. (michel)

Test Name: passwd                                             Test Result: ERROR
	Error(22)     /etc/passwd: Line 79: User radiusd has strange shell /bin/false
	Error(22)     /etc/passwd: Line 80: User nx has strange shell /usr/libexec/nx/nxserver
	Error(22)     /etc/passwd: Line 83: User fcron has strange shell /bin/true
	Error(22)     /etc/passwd: Line 90: User nut has strange shell /bin/false
	Error(22)     /etc/passwd: Line 93: User nginx has strange shell /bin/false
	Error(22)     /etc/passwd: Line 97: User ldap has strange shell /bin/false
	Error(22)     /etc/passwd: Line 132: User haproxy has strange shell /bin/false
	Error(22)     /etc/passwd: Line 134: User kannel has strange shell

why not to use /bin/false? read this http://www.semicomplete.com/articles/ssh-security/

Test Name: home_files                                         Test Result: ERROR
	Error(04)     User "nx" allows users from his group to write to his .ssh/authorized_keys!
	Error(07)     User "nx" allows other users to write to his .ssh/authorized_keys!
Test Name: path                                             Test Result: WARNING
	Warning(01)   Path variable contains directory , which doesn't exist
Test Name: filesystem                                       Test Result: WARNING
	Warning(08)   Symbolic link "/etc/alternatives/mpi-run-man" points to a non-existent file "/usr/share/openmpi/1.2.4-gcc/man/man1/mpirun.1.gz".
	Warning(08)   Symbolic link "/etc/alternatives/mpi-exec-man" points to a non-existent file "/usr/share/openmpi/1.2.4-gcc/man/man1/orterun.1.gz".
	Warning(02)   File "/etc/horde/registry.d/README" is executable and group writable.
	Warning(08)   Symbolic link "/etc/raddb/sites-enabled/inner-tunnel" points to a non-existent file "../sites-available/inner-tunnel".
	Warning(03)   File "/var/run/funcd.pid" is world writable.
	Warning(03)   File "/var/run/certmaster.pid" is world writable.
	Warning(03)   File "/var/lib/openhpi/uid_map" is world writable.
	Warning(08)   Symbolic link "/usr/bin/platex" points to a non-existent file "ptex".

the platex symlink issue is probably fixed in rawhide