From owner-freebsd-security Thu Jun 26 18:34:05 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id SAA25525 for security-outgoing; Thu, 26 Jun 1997 18:34:05 -0700 (PDT)
Received: from kirk.edmweb.com (kirk.edmweb.com [204.244.190.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA25520 for ; Thu, 26 Jun 1997 18:34:03 -0700 (PDT)
Received: from bluesmoke.edmweb.com (bluesmoke.edmweb.com [204.244.190.8]) by kirk.edmweb.com (8.8.5/8.7.3) with ESMTP id SAA25974; Thu, 26 Jun 1997 18:33:54 -0700 (PDT)
Message-Id: <199706270133.SAA25974@kirk.edmweb.com>
To: Frank McCormick
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Minimum files for operation
In-reply-to: Your message of "Thu, 26 Jun 1997 17:29:46 PDT." <199706270029.RAA12178@angel.readybox.com>
Date: Thu, 26 Jun 1997 18:33:50 -0700
From: Steve
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> The security-related literature I've been through emphasizes the need
> to secure the hosts themselves, partly through removing any unneeded
> files. (If you're running a mail hub, you probably don't need a C
> compiler. If you are providing only Web service with static pages,
> you should remove the perl interpreter. And so on.)

I wouldn't worry about such things. If someone has broken in to your system, they can upload the C compiler, Perl interpreter, and whatever else they need. Clever use of redirection is all it takes.

What you _should_ worry about are the privileged programs that are set-UID or set-GID. FreeBSD (2.1-stable at least, probably most or all other versions) has a "security" script that runs every night and places a list of all suid programs and devices in

    /var/log/setuid.today

It would be a good idea to look at that list and then use chmod to remove the suid bit from programs that you don't need. You may also need to use chflags to remove the schg (immutable) flag before chmod.

There was a post to this list briefly explaining the functions of most of the suid programs... Check the archives for a message from Marc Slemko, subject "setuid programs in freebsd".
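
The review-then-chmod procedure described in the message above, as an added example that is not part of the original post: it lists set-UID/set-GID files under a directory, compares them with an allowlist, and strips the bits from the rest (dry run by default). The function names and the allowlist file (one absolute path per line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit set-ID programs against an allowlist, then strip the rest.
# The allowlist file (one absolute path per line) is an assumption of this example.

# list_setid DIR: print regular files under DIR that carry the set-UID or set-GID bit.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unneeded_setid DIR ALLOWLIST: print set-ID files that are not on the allowlist.
unneeded_setid() {
    list_setid "$1" | while IFS= read -r f; do
        # -F fixed string, -x whole line: a path matches only itself.
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# strip_setid FILE: clear the schg flag where chflags exists (FreeBSD),
# then remove both set-ID bits. If schg cannot be cleared, chmod reports the failure.
strip_setid() {
    if command -v chflags >/dev/null 2>&1; then
        chflags noschg "$1" 2>/dev/null || true
    fi
    chmod ug-s "$1"
}

# harden DIR ALLOWLIST [apply]: dry run unless the third argument is "apply".
harden() {
    unneeded_setid "$1" "$2" | while IFS= read -r f; do
        if [ "${3:-}" = apply ]; then
            strip_setid "$f" && echo "stripped: $f"
        else
            echo "would strip: $f"
        fi
    done
}

# Run as a script: sh setid-audit.sh DIR ALLOWLIST [apply]
if [ "$#" -ge 2 ]; then
    harden "$@"
fi
```

Run it without `apply` first and read the output against the nightly list before changing any modes.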