Date: Tue, 26 Oct 1999 22:32:18 -0700 From: "Dr. Dave" <dave@sneakerz.org> To: "Jean-Pierre H. Dumas" <jphdumas@yahoo.fr> Cc: FreeBSD-Security@freebsd.org Subject: Re: Security tests Message-ID: <19991026223218.B8498@sneakerz.org> In-Reply-To: <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>; from Jean-Pierre H. Dumas on Tue, Oct 26, 1999 at 04:36:35PM %2B0200 References: <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 26, 1999 at 04:36:35PM +0200, Jean-Pierre H. Dumas wrote: > This is to verify the security of a FreeBSD 3.2 > server I am installing. To be used as a POP3 toaster, > with qmail and vmailmgr. > > I installed and ran COPS (a really old one). > It screamed at me about the /var/spool/uucppublic > directory as beeing *world* writable. > It barfed on the passwd and group having the wrong > number of fields (I assume this is because of the > use of perl 5 vs perl 3 at the time of creation > of COPS, something like @_ changed meaning ?) > Question: is the permission of /var/spool/uucppublic > correct once in drwxrwxr-x ? (I do not use uucp, > but...) Cops is VERY old and outdated. If you would like some more recent security tools, visit http://www.securityfocus.com, they also have a bug tracking archive that you can search through by OS. Keeping security on a system is alot more than installing the packages from /usr/ports/security. > Question: What can I do more to have a realistic > report about this server's security ? If this is a corporate environment you may want to look into a site licence for IIS, internet security scanner, http://www.iss.net > Is there any other scanners or whatever that I can get > and run, either from within the server, or from > outside (I have a FreeBSD 3.2, Linux and Windows 95 > machine on the Ethernet) If you are looking for portscanners, you may want to look at nmap, http://www.insecure.org/nmap -- -------------------------------------------------------------------------- Dave McKay dave@sneakerz.org MSN Hotmail http://www.hotmail.com -------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991026223218.B8498>