File: yasat.advices

package info (click to toggle)
yasat 526-1
  • links: PTS
  • area: main
  • in suites: wheezy
  • size: 920 kB
  • sloc: sh: 4,723; makefile: 47
file content (412 lines) | stat: -rw-r--r-- 16,163 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
EN,ACCOUNTING_NOT_ENABLED=Enable the accounting with accton
ADVICEEND
EN,ACCOUNTING_BSD_NOT_ENABLED=Enable the accounting in rc.conf with accounting_enable=YES
ADVICEEND
EN,ACCOUNTING_MISSING_FILE=This file is missing, touch it
ADVICEEND
EN,ACCOUNTING_BTMP=Create this file for the lastb command
ADVICEEND
EN,ACCOUNTING_FAILLOG=Create this file for the faillog command
ADVICEEND
EN,INSTALL_AUDITD=Install the auditd daemon
ADVICEEND
EN,APACHE_CONF_TIMEOUT=configure timeout below 20s
ADVICEEND
EN,APACHE_CONF_HOSTNAMELOOKUPS=Set HostNameLookup to off
ADVICEEND
EN,APACHE_CONF_SERVERSIGNATURE=Hide apache version by setting serversignature off
ADVICEEND
EN,APACHE_CONF_SERVERTOKENS=Hide apache version by setting servertokens to prod
ADVICEEND
EN,APACHE_CONF_SSL_SSLV2=SSLV2 is deprecated, disable it with -SSLv2
ADVICEEND
EN,APACHE_CONF_PROXYREQUESTS=You are acting as an open-proxy, check your configuration for be sure to enable only local users
ADVICEEND
EN,APACHE_CONF_TRACEENABLE=Disable the TRACE debugging function.
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTBODY=Set the limitrequestbody directive
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTFIELDS=Set the LimitRequestFields directive
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTFIELDSIZE=Set the LimitRequestFieldsize directive
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTLINE=Set the limitrequestline directive
ADVICEEND
EN,APACHE_ERRORDOC_CUSTOM=Use a custom ErrorDocument
ADVICEEND
EN,APACHE_CONF_KEEPALIVES=Enable keepalive
ADVICEEND
EN,APACHE_CONF_KEEPALIVE_TIMEOUT=Decrease the value of keepalivetimeout
ADVICEEND
EN,APACHE_MODULE_ERROR_CODE=Check your apache configuration
ADVICEEND
EN,APACHE_MODULE_DISABLE_UNNECESSARY_MODULES=Disable unnecessary modules
ADVICEEND
EN,APACHE_USER_OWNER_CONF_REP=Apache configuration files must be owned by root
ADVICEEND
EN,APACHE_USER_GROUP_CONF_REP=Apache configuration files must be group owned by root
ADVICEEND
EN,APACHE_USER_OTHERS_CONF_REP=Apache configuration files must not have others access
ADVICEEND
EN,APACHE_USER_BAD_SHELL=apache must not have a shell
ADVICEEND
EN,APACHE_USER_PASSWD_IN_CONF_REP=It's preferred to put htpasswd files in a directory group owned by apache that is not a docroot
ADVICEEND
EN,APACHE_VHOSTS_OPTIONS_INDEXES=Disable the directory's content providing
ADVICEEND
EN,APACHE_VHOSTS_OPTIONS_EXECCGI=Disable the possibility to use CGI scripts
ADVICEEND
EN,APACHE_VHOSTS_NO_ORDER_CLAUSE=Add an order allow,deny clause to your vhost
ADVICEEND
EN,APACHE_VHOSTS_DOCROOT_BADGROUP=The docroot's files must be group owned by apache
ADVICEEND
EN,APACHE_VHOSTS_DOCROOT_OTHERRIGHTS=The docroot's files must not be readable by others
ADVICEEND
EN,APACHE_VHOSTS_DOCROOT_GROUPW=The docroot's files must not be writable by apache
ADVICEEND
EN,APACHE_VHOSTS_KNOWN_NAME=TODO is this location useful?
ADVICEEND
EN,APACHE_VHOSTS_NO_ROBOTS_TXT=You can put a robots.txt for controlling where the search engine goes
ADVICEEND
EN,APACHE_VHOSTS_NO_ACCESSLOG=Define an accesslog
ADVICEEND
EN,APACHE_VHOSTS_NO_ERRORLOG=Define an errorlog
ADVICEEND
EN,APACHE_VHOSTS_AUTHFILE_NOTFOUND=You have defined an authfile, but I can't find it
ADVICEEND
EN,APACHE_VHOSTS_VAR_WWW=It's preferable to use a docroot like /var/www/servername/
ADVICEEND
EN,APACHE_VHOSTS_NO_DOCROOT=Define a documentroot
ADVICEEND
EN,BINARIES_UNKNOWN=This binary is not in yasat's SetUID db
ADVICEEND
EN,BINARIES_BAD_RIGHT=THIS CHECK IS IN DEVELOPMENT
EN,BINARIES_NO_AIDE=Install AIDE integrity checker
ADVICEEND
EN,BINARIES_NO_TRIPWIRE=Install TRIPWIRE integrity checker
ADVICEEND
EN,BINARIES_NO_CHKROOTKIT=Install chkrootkit
ADVICEEND
EN,BINARIES_REMOVE_SETUID=Limit the number of set-uid binary
ADVICEEND
EN,BINARIES_NO_POSIXCAPSTOOLS=I cannot test POSIX CAPS for your setuid binaries
ADVICEEND
EN,BINARIES_CAN_HAVE_POSIX_CAPS=You can set POSIX CAPS
ADVICEEND
EN,UMASK_NOT027=Set umask to 027
ADVICEEND
EN,NO_FORK_BOMB_PREVENTION=Set a hard ulimit
ADVICEEND
EN,FILES_WITHOUT_OWNER=Correct the permissions for these files
ADVICEEND
EN,FILES_WITHOUT_GROUP=Correct the group permissions for these files
EN,LIMITS_NO_CORE_RESTRICTION=Prevent the creation of core files
ADVICEEND
EN,LD_SO_CONF_UNK_LIB=Check if this libray location is normal
EN,SUID_COREDUMPABLE=Disable coredump for suid binaries
ADVICEEND
EN,PASSWORD_MIN_LENGHT=Set minimal password length to at least 8 or more
ADVICEEND
EN,PATH_UNKNOWN=Check if this value is supposed to be in your PATH
ADVICEEND
EN,CUPS_LISTEN=If possible, restrict CUPS to listen only on localhost
ADVICEEND
EN,BIND_HIDE_VERSION=Hide bind's version
ADVICEEND
EN,BIND_HIDE_HOSTNAME=Hide bind's hostname
ADVICEEND
EN,BIND_HIDE_SERVERID=Hide bind's server-id
ADVICEEND
EN,BIND_DISALLOW_RECURSIVE_QUERY=Disallow global access to recursive query
ADVICEEND
EN,BIND_MAX_CACHE_SIZE=Limit the amount of cache used by bind
ADVICEEND
EN,FIREWALL_POLICY_INPUT=Configure your firewall with a drop by default policy
ADVICEEND
EN,FIREWALL_POLICY_OUTPUT=Configure your firewall with a drop by default policy
ADVICEEND
EN,FIREWALL_POLICY_FORWARD=Unless this machine is a router, DROP forwarding
ADVICEEND
EN,FIREWALL_TEST_ERROR=Arggg i can't test your firewall
ADVICEEND
EN,FIREWALL_IPV6_NO_FW=Install ip6tables and configure a firewall
ADVICEEND
EN,FIREWALL_PF_NOT_ENABLED=Enable PF firewall
ADVICEEND
EN,FIREWALL_PF_NO_RULES=TODO
ADVICEEND
EN,KERNEL_CONFIG_COMPAT_BRK=TODO
ADVICEEND
EN,KERNEL_CONFIG_COMPAT_VDSO=TODO
ADVICEEND
EN,KERNEL_MMAP_MIN_ADDR=Set this to 4096
ADVICEEND
EN,KERNEL_CONFIG_MCE
ADVICEEND
EN,KERNEL_NO_NX_BIT=Check NX bit support for your processor
ADVICEEND
EN,KERNEL_NO_CONFIG=Can't find you kernel config
ADVICEEND
EN,KERNEL_CONFIG_STRICT_DEVMEM=Disable access to /dev/mem
ADVICEEND
EN,KERNEL_CONFIG_DEVKMEM=Disable the creation of /dev/kmem
ADVICEEND
EN,KERNEL_EXEC_SHIELD=Enable Exec-Shield
ADVICEEND
EN,OPENBSD_SECURE_LEVEL_BELOW_ZERO=Set secure level at level 0 or more
ADVICEEND
EN,KERNEL_CONFIG_PAX=Use PAX to harden your kernel
ADVICEEND
EN,KERNEL_CONFIG_GRSEC=Use GRsec to harden your kernel
ADVICEEND
EN,KERNEL_CONFIG_SECURITY_SELINUX=Use SELinux to harden your kernel
ADVICEEND
EN,KERNEL_USB_MODULES=On a server, disable USB
ADVICEEND
EN,KERNEL_FIREWIRE_MODULES=On a server, disable FireWire
ADVICEEND
EN,KERNEL_RANDOM_VA_SPACE=Activate the randomize_va_space
ADVICEEND
EN,KERNEL_CONFIG_DEBUG_SET_MODULE_RONX=Set KERNEL_CONFIG_DEBUG_SET_MODULE_RONX
ADVICEEND
EN,KERNEL_CONFIG_DEBUG_RODATA=Set KERNEL_CONFIG_DEBUG_RODATA
ADVICEEND
EN,KERNEL_CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=Set KERNEL_CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
ADVICEEND
EN,LDAP_NO_TLS=Enable TLS for slapd
ADVICEEND
EN,LDAP_PASSWD_CLEAR=Use a secure storage for passwd
ADVICEEND
EN,LDAP_BINDV2=Disable bindv2
ADVICEEND
EN,LDAP_BIND_ANON=Disable anonymous bind
ADVICEEND
EN,LDAP_REQUIRE_AUTHC=Set require authc
ADVICEEND
EN,SYSTEM_LOG_TWO_LOGGERS=Strange, you have two system loggers
ADVICEEND
EN,SYSTEM_LOG_NO_LOGGERS=Configure and run a system logger
ADVICEEND
EN,SYSLOGNG_NOLOGHOST=Set up a remote logging server
ADVICEEND
EN,SYSLOG_NOLOGHOST=Set up a remote logging server
ADVICEEND
EN,RSYSLOG_NOLOGHOST=Set up a remote logging server
ADVICEEND
EN,LOGROTATE_NOT_ROTATED=Define logrotation for this log
EN,LOGWATCH_TMPDIR_OTHER_READABLE=The TmpDir used by logwatch should not be readble by others.
ADVICEEND
EN,LOGWATCH_SAVE_OTHER_READABLE=The Save directory used by logwatch should no be readable by others.
ADVICEEND
EN,LOGWATCH_LOW_DETAIL_SETTING=Low detail setting can lead to loss of important information.
EN,LOGWATCH_PROBLEMATIC_RANGE_TODAY=Using the log from today can lead to loss of infornation.
ADVICEEND
EN,LOGWATCH_PROBLEMATIC_RANGE_ALL=Using all logs can be too much.
ADVICEEND
EN,LOGWATCH_CHECK_ALL_SERVICES=You could be missing important information
ADVICEEND
EN,LOGWATCH_DISABLED_SERVICE_CHECK=You should check whether the disabled checks are needed.
EN,LOGWATCH_TMPDIR_DEFAULT=The default setting is /var/cache/logwatch.
EN,LOGWATCH_NO_SERVICES_FOUND=No Services are checked!
ADVICEEND
EN,LOGWATCH_NO_LOGDIR=The LogDir is either a file or doesn't exist.
ADVICEEND
EN,LOGWATCH_LOGDIR_OTHER_WRITABLE=LogDir should not be writable by anyone other than the owner.
EN,LOGWATCH_ONLY_ONE_LOGFILE=Checking only one logfile can lead to loss of information. 
ADVICEEND
EN,LOGWATCH_NO_LOGS_CHECKED=Could not find any logfiles that are to be checked.
ADVICEEND
EN,LOGWATCH_DEFAULT_SETTING=Consider setting this directive in the config.
EN,LOGWATCH_NO_LOGS_CHECKED=Could not find any logfiles that are to be checked.
ADVICEEND
EN,LOGWATCH_TMPDIR_NOT_FOUND=Isn't a directory.
ADVICEEND
EN,LOGWATCH_ARCHIVES_NOT_CHECKED=Log archives are not parsed. This should be enabled.
ADVICEEND
EN,LOGWATCH_HOSTLIMIT_NO=Unless this is logserver, HostLimit should be enabled.
EN,MYSQL_CONF_BIND=If possible, mysql should listen only on localhost
EN,MYSQL_CONF_NO_SLOWQUERY_LOG=Log slow query
ADVICEEND
EN,MYSQL_CONF_BINLOGS=Are the binlogs useful to you ?
ADVICEEND
EN,MYSQL_CONF_NO_EXPIRELOGSDAYS=Set an expire_logs_days
ADVICEEND
EN,MYSQL_RUN_AS_ROOT=mysqld must not be run as root
ADVICEEND
EN,MYSQL_USER_HAVE_SHELL=Mysqld user must not have a shell
ADVICEEND
EN,MYSQL_LOG=Disable request log
ADVICEEND
EN,NETWORK_ICMP_ECHO_IGNORE_BROADCASTS=Set icmp_echo_ignore_broadcasts to 1
ADVICEEND
EN,NETWORK_FIN_TIMEOUT=Decrease tcp_fin_timeout value
ADVICEEND
EN,NETWORK_IGNORE_BOGUS_ERROR_RESPONSES=Set icmp_ignore_bogus_error_responses to 1
ADVICEEND
EN,NETWORK_CONF_ALL_ACCEPT_REDIRECTS=TODO
ADVICEEND
EN,NETWORK_CONF_DEFAULT_ACCEPT_REDIRECTS=TODO
ADVICEEND
EN,NETWORK_TCP_SYNCOOKIES=Enable TCP_SYN_COOKIE
ADVICEEND
EN,NETWORK_CONF_ALL_ACCEPT_SOURCE_ROUTE=TODO
ADVICEEND
EN,NETWORK_CONF_DEFAULT_ACCEPT_SOURCE_ROUTE=TODO
ADVICEEND
EN,NETWORK_CONF_ENABLE_IP_SPOOFING_PROTECTION=Enable IP spoofing protection
ADVICEEND
EN,NETWORK_CONF_TODO=TODO
EN,NFS_EXPORT_SUBTREE_CHECK=TODO
ADVICEEND
EN,NFS_EXPORT_NO_ROOT_SQUASH=If you can, unset no_root_squash
ADVICEEND
EN,NFS_EXPORT_NO_INTR=Set intr option
ADVICEEND
EN,NFS_EXPORT_UDP=Prefer TCP over UDP
ADVICEEND
EN,NFS_CLIENT_NOAC=For performance, unset noac
ADVICEND
EN,NTPD_NO_NTPD=Install an NTP daemon
ADVICEEND
EN,PACKAGES_USELESS=On a server, if this packages is not used, remove it
ADVICEEND
EN,PACKAGES_NO_PORTAUDIT=Install portaudit
ADVICEEND
EN,PACKAGES_PORTAUDIT_TOOOLD=Refresh portaudit database
ADVICEEND
EN,PACKAGE_REDHAT_RHNSD_DISABLED=Enable rhnsd
ADVICEEND
EN,PARTITION_NODEV=Add a nodev options in /etc/fstab
EN,PARTITION_NOEXEC=Add a noexec options in /etc/fstab
EN,PARTITION_NOSUID=Add a nosuid options in /etc/fstab
EN,PARTITION_SEPARATE_PART=With a separate partition, you can put options like nodev,noexec,nosuid
EN,PHP_CONF_SAFEMODE=If possible use safe_mode
ADVICEEND
EN,PHP_CONF_REGISTER_GLOBALS=Don't use register-globals!!
ADVICEEND
EN,PHP_CONF_ALLOW_URL_INCLUDE=Don't use allow_url_include
ADVICEEND
EN,PHP_CONF_SORT_OPEN_TAG=Don't use short_open_tag
ADVICEEND
EN,PHP_CONF_DISPLAY_ERRORS=Don't display php errors, log them
ADVICEEND
EN,PHP_CONF_ENABLE_DL=Set enable_dl to off
ADVICEEND
EN,PHP_CONF_EXPOSE_PHP=Set expose_php to off
ADVICEEND
EN,PHP_CONF_FILE_UPLOADS=Set file_uploads to off if possible
ADVICEEND
EN,PHP_CONF_REGISTER_LONG_ARRAYS=Set it to off, it's deprecated
ADVICEEND
EN,PHP_CONF_REGISTER_ARGC_ARGV=Set it to off
ADVICEEND
EN,PHP_CONF_EXECCOMM=This function can launch dangerous commands
EN,PHP_CONF_INFODISCLOSURE=This function can display confidential information
EN,PHP_CONF_PHPSESSID=Change the default PHPSESSID name
EN,POSTFIX_OBSOLETE_TLS=see http://www.postfix.org/TLS_README.html
ADVICEEND
EN,POSTFIX_NO_TLS=Enable TLS for sending mail via a TLS secured connection
ADVICEEND
EN,PROCESS_NOT_BE_ROOT=This process must not be run as root
EN,PROCESS_ONLY_ROOT=Logically, this process must be run as root (send a bug ?)
EN,PROCESS_MAY_NOT_BE_ROOT=Does this process need to be run as root ?
EN,PROCESS_CAN_BE_ROOT=This process may be run as a non-root user in some cases
EN,TEMP_SENSORS=Install lm_sensors to monitor temperature.
ADVICEEND
EN,IPMI_NO_BINARY=Install freeipmi/openipmi/ipmitool on a server
ADVICEEND
EN,IPMI_BAD_SNMP_COMM=Change this community string
ADVICEEND
EN,TEMP_SENSOR_PROGRAM_UNK=I don't know the temperature monitoring program for your OS
ADVICEEND
EN,SNMPD_SECMODEL_V1=If possible, use only SNMP v2 or v3
ADVICEEND
EN,SNMPD_DEFAULT_COMMUNITY=Change the default community
ADVICEEND
EN,SQUID_USER_BAD_SHELL=squid must not have a shell
ADVICEEND
EN,SQUID_HIDE_VERSION=Hide the squid version
ADVICEEND
EN,SQUID_ALLOW_UNDERSCORE=Deactivate underscore hostname support
ADVICEEND
EN,SQUID_FTP_SANITYCHECK=Enable FTP sanitycheck
ADVICEEND
EN,SQUID_UNKNOWN_NAMESERVER=Enable ignore_unknown_nameservers
ADVICEEND
EN,SQUID_CHECK_HOSTNAMES=Enable check_hostname
ADVICEEND
EN,SSH_ROOT_LOGIN=Disable direct root login
ADVICEEND
EN,SSH_X11FORWARDING=Disable X11Forwarding
ADVICEEND
EN,SSH_IGNORERHOSTS=Disable IgnoreRhosts
ADVICEEND
EN,SSL_BAD_PRIVATE_RIGHT=This directory and its contents must not have others rights.
EN,TODO=Test in development
ADVICEEND
EN,HDD_SMARTCTL=Monitor your hdd with S.M.A.R.T.
ADVICEEND
EN,HDD_READ_AHEAD_HIGH=Check the value of read_ahead
ADVICEEND
EN,SYSTEM_USER_UMASK=umask must be 027, 022 by default is not strict enough.
EN,SYSTEM_USER_DOTFILES=This file must be chmod 600
EN,SYSTEM_USER_DOTDIR=This directory must be chmod 700
EN,SYSTEM_USER_HOMEDIR_ROOT_SLASH=Why is the homedir / ?
EN,SYSTEM_USER_HOMEDIR_READABLE_BY_OTHERS=The homedir is readable by others
EN,SYSTEM_USER_USELESS=Does this user used by your system ?
EN,SYSTEM_USER_RSA_VS_DSA=RSA keys are preferred.
ADVICEEND
EN,--SYSTEM_USER_PASSWORD_LEAKING=Caution, some password might be visible
ADVICEEND
EN,SYSTEM_USER_MYSQL_HISTORY_PASSWORD_LEAKING=Caution, some password might be visible
ADVICEEND
EN,SYSTEM_USER_USER_wITH_UID0=Check if this account is necessary
ADVICEEND
EN,SYSTEM_USER_NO_HOMEDIR=This user has no homedir, why?
ADVICEEND
EN,SYSTEM_USER_NOPASS_AND_SHELL=This account probably doesn't need a shell
ADVICEEND
EN,SYSTEM_USER_FIREFOX_MIXED_HTTPS=Enable warning of loading mixed HTTP/HTTPS content
ADVICEEND
EN,SYSTEM_USER_FIREFOX_NO_AUTO_UPDATE=Enable automatic check of firefox updates
ADVICEEND
EN,TOMCAT_DEFAULT_WEBAPP=If you don't use this default webapp, remove it
EN,TOMCAT_DEFAULT_PASSWORD=Change the password
EN,VSFTPD_ANONYMOUS_LOGIN=Disable anonymous connection if possible
EN,VSFTPD_ANONYMOUS_UPLOAD=Disable anonymous upload if possible
EN,VSFTPD_ANONYMOUS_ASCII=Disable ASCII mode
EN,VSFTPD_ANONYMOUS_NO_XFERLOG=Add an xferlog entry
EN,VSFTPD_ANONYMOUS_NOCHROOTLOCAL=Chroot local users if possible
EN,XINETD_SERVICES_USELESS=Remove unused services from xinetd (even if disabled)
EN,XINETD_SERVICES_OPTIONAL=Are these services in use ?(remove it otherwise)
EN,XINETD_SERVICES_NODISABLE=Disable this services if you don't use it
EN,XINETD_SERVICES_NO_LOG_TYPE=Add a log_type entry
ADVICEEND
EN,XINETD_SERVICES_NO_LOG_FAILURE=Add a log_on_failure entry
ADVICEEND
EN,XINETD_SERVICES_NO_ONLY_FROM=Add a only_from entry
ADVICEEND
EN,GLOBAL_MULTIPLE_DECLARATIONS=Unable to discern which declaration is really used
EN,GLOBAL_FILE_CHMOD640=This file must be chmoded 640 or 600
ADVICEEND
EN,GLOBAL_FILE_CHMOD600=This file must be chmoded 600
ADVICEEND
EN,GLOBAL_FILE_MUST_BE_OWNED_BY_ROOT=This file must be owned by the root user
EN,GLOBAL_FILE_MUST_BE_GROUPED_BY_ROOT=This file must be group owned by the root user (root or wheel)
EN,GLOBAL_FILE_OTHER_WRITABLE=Do a chmod o-w <i>name_of_the_file</i>
EN,GLOBAL_FILE_OTHER_READABLE=Do a chmod o-rxw <i>name_of_the_file</i>
EN,GLOBAL_INTERNAL_ERROR=Internal error, probably a bug
EN,GLOBAL_SKIPPED_LONG_TESTS=Long tests skipped, use -f to include them
EN,YASAT_BUG=Argg a bug, please report it.
EN,YASAT_DENIED=You got a permission denied, are you root ?
EN,CERTIFICATE_OUTDATED=This certificate will outdated soon.
EN,GLOBAL_PACKAGE_INSTALLED_AT_HAND=Why have you installed this package manually ?
ADVICEEND
EN,GLOBAL_PRIVATE_KEY_NOT_PASSWORD_PROTECTED=Password protect you private key
ADVICEEND
EN,GLOBAL_RSA_KEY_SIZE=RSA keys must be 2048bits at minimum
ADVICEEND
EN,GLOBAL_BINARY_PIE=TODO
ADVICEEND
EN,GLOBAL_BINARY_SSP=TODO
ADVICEEND