I was just wondering about the differences : $ ls -l /var/log/lynis* -rw-r----- 1 root root 407830 Apr 5 16:22 /var/log/lynis.log -rw-r----- 1 root root 20643 Apr 5 16:22 /var/log/lynis-report.dat $ ls -l /etc/lynis/default.prf -rw-r--r-- 1 root root 10356 Apr 11 00:04 /etc/lynis/default.prf I contacted the author of lynis and he confirmed that the weak perms came from the Gentoo install method rather than from a lynis installer itself. >Hi Toralf, > >In that case it is better to report it to the Gentoo package maintainer >directly. >I agree that normal users should not be able to see configuration files, if not >necessary to run the software ;-) > >Kind regards, > >Michael
Hi Toralf, I adjusted the default perms in 1.5.0-r1 to be more strict. You may have to unmerge lynis first as it wont override the permissions. Thanks!