|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: suid bit files + securing FreeBSD (new program: LockDown)
From: Socketd (db
traceroute.dk)
Date: Sun Jul 27 2003 - 11:55:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, 27 Jul 2003 10:29:23 -0500
D J Hawkey Jr <hawkeydvisi.com> wrote:
> > LockDown could search for ALL suid and gid files and set the
> > permissions accordingly to the conf file, the files not listed there
> > would be disabled (or set to a user specified default)...
>
> Now you're thinking along the lines I'm thinking. Something of a
> system hyper- or super-visor.
Well I don't know if we are thinking along the same lines. LockDown is
not meant to be an IDS or system monitor program, just a quick secure
setup helper.
> I do like the idea of checking /etc... maybe... using cksum(1), or
> something like that. I currently use local periodic(8) scripts,
> similar to /etc/periodic/daily/2*, that backs up /etc, /etc/mail, and
> /etc/namedb.
By /etc support I meant options like rc_conf, login_class and openssh
for "all" files in /etc
> NOTE: I'm not a committer! I only mention the possibility; I can't
> make it so.
Hehe, I know :-)
> I've gotten pretty fluent with sh(1), awk(1), and sed(1). I could
> pro'lly write what you envision in a shell script. I wouldn't want to
> re-write a C++ program though; I'm not well versed in C++'s "nuances".
The program is really easy to write since it only change file
permissions and add text to some files in /etc (and other easy to write
stuff)
br
socketd
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]