Date: Mon, 1 Nov 1999 23:02:04 +0100 (CET) From: Jonas Eriksson <je@interact.se> To: "Dr. Dave" <dave@sneakerz.org> Cc: "Jean-Pierre H. Dumas" <jphdumas@yahoo.fr>, FreeBSD-Security@FreeBSD.ORG Subject: Re: Security tests Message-ID: <Pine.BSF.4.10.9911012255150.13260-100000@wolfie.interact.se> In-Reply-To: <19991026223218.B8498@sneakerz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Try The Nessus remote security scanner, located at: http://www.nessus.org Regards Jonas Eriksson -- InterACT Lule=E5 Network & Security Administrator Tel: +46 (0)920 88803 - Fax: +46 (0)920 88399 Current temp in Lulea/Sweden is 4.6C (40.3F) On Tue, 26 Oct 1999, Dr. Dave wrote: > On Tue, Oct 26, 1999 at 04:36:35PM +0200, Jean-Pierre H. Dumas wrote: > > This is to verify the security of a FreeBSD 3.2 > > server I am installing. To be used as a POP3 toaster, > > with qmail and vmailmgr. > >=20 > > I installed and ran COPS (a really old one). > > It screamed at me about the /var/spool/uucppublic > > directory as beeing *world* writable. > > It barfed on the passwd and group having the wrong > > number of fields (I assume this is because of the > > use of perl 5 vs perl 3 at the time of creation > > of COPS, something like @_ changed meaning ?) > > Question: is the permission of /var/spool/uucppublic > > correct once in drwxrwxr-x ? (I do not use uucp, > > but...) >=20 > Cops is VERY old and outdated. If you would like some more recent securi= ty tools, visit http://www.securityfocus.com, they also have a bug tracking= archive that you can search through by OS. Keeping security on a system i= s alot more than installing the packages from /usr/ports/security. >=20 > > Question: What can I do more to have a realistic > > report about this server's security ? >=20 > If this is a corporate environment you may want to look into a site licen= ce for IIS, internet security scanner, http://www.iss.net >=20 > =20 > > Is there any other scanners or whatever that I can get > > and run, either from within the server, or from > > outside (I have a FreeBSD 3.2, Linux and Windows 95 > > machine on the Ethernet) >=20 > If you are looking for portscanners, you may want to look at nmap, http:/= /www.insecure.org/nmap >=20 > --=20 > -------------------------------------------------------------------------= - > Dave McKay dave@sneakerz.org = =20 > MSN Hotmail http://www.hotmail.com > -------------------------------------------------------------------------= - >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911012255150.13260-100000>