exists. From wcmaier@.
Check target of symbolic links to avoid noise at boot and in
seucrity output where you have several interfaces symlinked to one
config file.
"If you think this is the right thing to do" deraadt@

An increasing number of types of these files (e.g. ppp, carp and
wlan adapters) may contain secrets.
ok deraadt oga johan

ok henning

and deleted. previously this script only generated diffs for existing
files.
ok lots of people including millert@ msf@ mcbride@ todd@ and probably more.

Encountered by henning@; ok millert@ robert@ deraadt@

grep should assume ASCII text, fixes umask detection
ok millert@ jaredy@

ok henning@

- sync the comments in /etc/security
ok millert@

Noticed by ian@

OK deraadt@

o Prepare for the update to join(1).
o Handle non-ascii chars in pathnames for setuid and device checks.
ok millert@ deraadt@

ok millert@

checking for non-zero since an empty field is equivalent to 0.
Problem noted by Graeme Lee.

umask detection.

ok millert@

Noted by Brian Poole

samba; this is consistent with useradd and adduser.  From Dan Brosemer.

deraadt and millert ok

We could use skeyinfo(1) to check but this is much cheaper.

--
Patch from: wilfried@ via PR#1761
Ok'd by: deraadt@

get false positives for YP stuff.  Closes PR 1755

just save the md5 checksums so we can still determine when something
change.  Entries in /etc/changelist that are prefixed with a '+'
will only have their md5 checksums saved, not the actual files.

not readable by other" block.  Remove ~/.ssh/random_seed as it is
not used in OpenSSH.
Add ~/.ssh/authorized_keys2, and ~/.ssh/known_hosts to the "must be
owned by user and not writable"  block.

use printf(1) here.  This way there is no possibility of format
string problems and we use a shell builtin instead of an external
command.

inspiration from dynamo@ime.net.
also a typo fix.

-q flag to ls(1) so that non-printable characters will appear as '?'. This
prevents a malicious user from fooling the administrator into thinking the
contents of a file name are actually valid script output (note that you can
put newlines in file names); deraadt@ ok

millert@ ok.

changed so files are e.g. backups/etc_passwd not backups/_etc_passwd