Description of problem:

Many of the binaries in /usr/sbin/ are set to mode 750.  This isn't necessary
and causes problems (e.g. coredumps may not be created for binaries that aren't
world readable).  There is no security benefit to making regular (non-suid)
binaries in /usr/sbin/ restricted.

Other files have restrictive modes that should be reviewed to see if they are
really necessary, such as the configuration files (not private key data files)
logrotate configuration, stock/cached zone files, initscript, etc.

Version-Release number of selected component (if applicable):
9.5.0-23.b1.fc9
  
Actual results:

-rw-r-----    1 root    named             163 Dec 27 10:24 /etc/logrotate.d/named
-rw-r-----    1 root    named             997 Jun 14  2007 /etc/named.conf
-rw-r-----    1 root    named             931 Jun 21  2007 /etc/named.rfc1912.zones
-rwxr-xr--    1 root    root             6146 Dec 27 10:24 /etc/rc.d/init.d/named
-rw-r-----    1 root    named               0 Dec 27 10:24 /etc/rndc.conf
-rw-r-----    1 root    named             602 Dec 27 10:24 /etc/sysconfig/named
-rwxr-x---    2 root    root           424996 Dec 27 10:24 /usr/sbin/lwresd
-rwxr-x---    2 root    root           424996 Dec 27 10:24 /usr/sbin/named
-rwxr-x---    1 root    root             7382 Dec 27 10:24 /usr/sbin/named-bootconf
lrwxr-x---    1 root    root               15 Dec 27 10:24
/usr/sbin/named-compilezone -> named-checkzone
-rwxr-x---    1 root    root            25968 Dec 27 10:24 /usr/sbin/rndc
-rwxr-x---    1 root    root            13684 Dec 27 10:24 /usr/sbin/rndc-confgen

Expected results:

I would expect at least all the binaries and initscripts to be mode 755.  The
config files are less of a concern, but may be overly restrictive.