Run a collection of simple system checks
The checksecurity command runs a small collection of simple system checks which are designed to catch a few common security issues. checksecurity is run by cron in a daily basis.
The checksecurity.conf file defines several configuration variables: MAILTO, CHECK_DISKFREE, CHECK_PASSWD and CHECK_SETUID LOGDIR. Each is described below.
The checksecurity program works with a collection of plugins which are located in /usr/share/checksecurity and are configured individually by their own configuration file.
CHECK_PASSWD If this is set to TRUE then the check-passwd script will be invoked. This script is designed to report upon system accounts which have no passwords. CHECK_DISKFREE If this is set to TRUE then the check-diskfree script will be invoked and will allow an alert to be sent if there is any mounted partition is running short on disk space. CHECK_SETUID If this is set to TRUE then the check-setuid script will be invoked, this will compare the setuid binaries upon the system to those that existed previously and show the differences.
checksecurity configuration file