From owner-freebsd-hackers Fri May 8 17:33:24 1998
Date: Fri, 8 May 1998 17:04:38 -0700 (PDT)
From: Tom
To: Sanjit Roy
cc: freebsd-hackers@freefall.cdrom.com
Subject: Re: how safe is FreeBSD 2.2.5
In-Reply-To: <3553963E.F2C5DE6@phy.iitkgp.ernet.in>
Sender: owner-freebsd-hackers@FreeBSD.ORG

On Sat, 9 May 1998, Sanjit Roy wrote:

> I need some advice regarding the security level in FreeBSD. Lately, a
> lot of students in my university campus have been into hacking activity.
> I have a Linux (kernel 1.2.8) system on one of my mail gateways and it's

Security problems on Linux (and all Unix distributions) normally have
more to do with the version of the user mode stuff, rather than the
kernel. Unfortunately, Linux versions everything separately, so
"Linux 1.2.8" is meaningless.

> a piece of cake becoming 'root' on that machine. I immediately need to
> upgrade that to either REDHAT Linux 5.0 or FreeBSD 2.2.5. I have both
> the flavours of unix available with me.
>
> What I want to know is :
>
> 1. which of the two is more secure?

I don't know. There are a lot of updates on www.redhat.com for 5.0.
FreeBSD 2.2.5 is obsolete and has been replaced by 2.2.6.
Redhat 5.0+updates should be equivalent to FreeBSD 2.2.6+updates.

> 2. Is shadow util really effective in Linux. Don't know if there's one
> in FreeBSD?

FreeBSD automatically shadows the password file. In fact there is no
option to run without. The nice part is that it is transparent to
applications.

> 3. what do i have to do/install to make my system secure i.e, what are
> the available patches and where do i get them?

Install 2.2.6 instead of 2.2.5. Check patches directory for last minute
changes.

Making your system secure is more about what you don't install (or
deinstall) rather than what you install. Many people install other
software that allows easy break-ins, mainly due to misconfiguration. For
example, the problem on your Linux mail gateway could just be because you
haven't updated Sendmail. Or, because you let other users even log in to
mail gateways (I set up all mail gateways as closed servers, dramatically
improving security).

> Hoping to hear from you soon.
> Sanjit.
> fiber@phy.iitkgp.ernet.in

Tom