From owner-freebsd-questions@FreeBSD.ORG Thu Jan 7 19:09:54 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D52E21065676 for ; Thu, 7 Jan 2010 19:09:54 +0000 (UTC) (envelope-from apseudoutopia@gmail.com) Received: from mail-ew0-f226.google.com (mail-ew0-f226.google.com [209.85.219.226]) by mx1.freebsd.org (Postfix) with ESMTP id 6FB2F8FC1D for ; Thu, 7 Jan 2010 19:09:54 +0000 (UTC) Received: by ewy26 with SMTP id 26so16989481ewy.3 for ; Thu, 07 Jan 2010 11:09:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:from:date:message-id :subject:to:content-type; bh=6oaLbRkuwcN4xGO2riGj6oyI4APuJfQaS5zAn48FbQQ=; b=uArnF1H0PpqPsTLkHY0NFnxL2l7mXnFXxpLCJKRTNxzUlxV3H2lBUjvlMVg6ojmfHb +tvDin1rzu1royNLWdYWLUbMwKNqnrneePWXoQOqkLPiqFsPt7GH3qHVecNIdpYahbWP 2zou/kxqTJCnM7vWZFOUE6RvJ0cAmW/EP3kv8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=rZBAAAEeEE7vJkYAgg30ebYIdI8s1y6RjDY/3Rc/zjRdP1u2MkIQ7VhftHDZi1XL6K HuVK5wqqwl0X5wi2Hgys4GyO31L+EjAuXS0vxI5byRy97MSfbOzUrq1+b0WagHpamJIc //yFITqRRRNECjhBObvBy7eCb6FNnmwpO7J+k= MIME-Version: 1.0 Received: by 10.216.86.206 with SMTP id w56mr967940wee.1.1262891389144; Thu, 07 Jan 2010 11:09:49 -0800 (PST) From: APseudoUtopia Date: Thu, 7 Jan 2010 14:09:29 -0500 Message-ID: <27ade5281001071109m66eb5f83j6042ba5a19c3b443@mail.gmail.com> To: FreeBSD Questions Content-Type: text/plain; charset=UTF-8 Subject: Security Hardening: Removing Permissions; Suggestions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2010 19:09:54 -0000 Hey list, I'm working on a shell script that basically removes the group and the other permissions from certain files to harden my system. Right now, the only files I'm doing this on is the GCC compiler collection. I'm asking for suggestions on other files that these permissions can be removed from in order to help further secure the system (a headless db and web server). $CHMOD o=,g= /usr/bin/cc $CHMOD o=,g= /usr/bin/cpp $CHMOD o=,g= /usr/bin/gcov $CHMOD o=,g= /usr/bin/ld $CHMOD o=,g= /usr/bin/gdb $CHMOD o=,g= /usr/bin/c++ Thanks!