|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Peter Pentchev (roam
orbitel.bg)Date: Wed Jul 18 2001 - 11:40:02 CDT
On Fri, Mar 23, 2001 at 07:14:45PM +0800, Chih hung Feng wrote:
> on 3/22/2001 2:58 AM, Daniel McCranie at sfmlSNEAKERNETSECURITY.COM wrote:
> > 3,4,5: I know that this probably wouldn't be good in a standard
> > distro but what about a hardening kit? Has this been tried before?
> > Is there something blatantly wrong?
>
> Some systems, like FreeBSD, set immutable flags for all setuid program
> by default. However this doesn't give you extra security cause the
> system runs in insecure mode after installation is finished (I don't
> recall FreeBSD provides secure-level options during installation).
It does, since 4.2-RELEASE. It lets you configure the 'security profile'
of the installed/upgraded system, with four choices: Low, Medium, High
and Extreme. Among other things (inetd/sendmail/portmap/NFS/sshd),
the security profile sets the securelevel.
G'luck,
Peter
-- "yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]