From owner-freebsd-hackers  Fri May  8 17:33:24 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA21584
          for freebsd-hackers-outgoing; Fri, 8 May 1998 17:33:24 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA21575
          for <freebsd-hackers@freefall.cdrom.com>; Fri, 8 May 1998 17:33:19 -0700 (PDT)
          (envelope-from tom@sdf.com)
Received: from misery.sdf.com (misery.sdf.com [204.244.213.32])
	by freefall.freebsd.org (8.8.8/8.8.5) with SMTP id RAA14631
	for <freebsd-hackers@freefall.cdrom.com>; Fri, 8 May 1998 17:30:17 -0700 (PDT)
Received: from tom by misery.sdf.com with smtp (Exim 1.82 #3)
	id 0yXx8D-0001am-00; Fri, 8 May 1998 17:04:49 -0700
Date: Fri, 8 May 1998 17:04:38 -0700 (PDT)
From: Tom <tom@sdf.com>
To: Sanjit Roy <fiber@phy.iitkgp.ernet.in>
cc: freebsd-hackers@freefall.cdrom.com
Subject: Re: how safe is FreeBSD 2.2.5
In-Reply-To: <3553963E.F2C5DE6@phy.iitkgp.ernet.in>
Message-ID: <Pine.BSF.3.95q.980508165800.6043B-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Sat, 9 May 1998, Sanjit Roy wrote:

> I need some advise regarding the security level in FreeBSD. Lately, a
> lot of students in my university campus have been into hacking activity.
> I have a Linux (kernel 1.2.8) system on one of my mail gateways and it's

  Security problems on Linux (and all Unix distributions) normally have
more to do with the version of the user mode stuff, rather than the
kernel.  Unfortunately, Linux versions everything separately, so "Linux
1.2.8" is meaningless.

> a piece of cake becoming 'root' on that machine. I immediately need to
> upgrade that to either REDHAT Linux 5.0 or FreeBSD 2.2.5. I have both
> the flavours of unix available with me.
> 
> What I want to know is :
> 
> 1. which of the two is more secure?

  I don't know.  There are a lot of updates on www.redhat.com for 5.0.
FreeBSD 2.2.5 is obsolete and has been replaced by 2.2.6.  Rehat
5.0+updates should be equivelant to FreeBSD 2.2.6+updates

> 2. Is shadow util really effective in Linux. Don't know if there's one
> in FreeBSD?

  FreeBSD automatically shadows the password file.  In fact there is no
option to run without.  The nice part is that it is transparent to
applications.

> 3. what do i have to do/install to make my system secure i.e, what are
> the available patches and where do i get them?

  Install 2.2.6 instead of 2.2.5.  Check patches directory for last minute
changes.

  Making your system is more about what you don't install (or deinstall)
rather than what you install.  Many people install other software that
allows easy breakins, mainly due to misconfiguration.

  For example, the problem on your Linux mail gateway could just because
you haven't updated Sendmail.  Or, because you let other users even login
into mail gateways (I setup all mail gateways as closed servers,
dramatically improving security).

> Hoping to hear from you soon.
> Sanjit.
> fiber@phy.iitkgp.ernet.in

Tom


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message