jholly@cup.hp.com (Jim Hollenback) writes:

> I0H4CK (it-s.me@laposte.net) wrote:
> : Hi all
>
> : I wanted to know if there was a way to remove the link /etc/syslog.pid
> : (that points to /var/run/syslog.pid), and make syslog understand the new
> : location ?
>
> : This is reported by a security tools...
>
> And what is the particular security problem?
>
> let's see, /etc/syslog.pid points to /var/run/syslog.pid which contains the
> pid of the syslog process. Why do you want to move it? And what is
> particularly sensitive about the syslog process ID number? a simple
> ps -ef | grep syslog gives the same information.

I guess the idea is that the information isn't considered sensitive,
but the danger of someone being able to change it would be a risk,
and the tool (whatever that is) suspects any and all symlinks in
such situations.

Nonetheless, unless the warning was caused by unsafe permissions
in the actual location (/var/run), I would ignore the warning
or (better) configure the tool(s) in question to omit it.

--
Tapani Tarvainen