Date: Wed, 30 Jul 2003 20:14:00 +0200 From: Socketd <db@traceroute.dk> To: twig les <twigles@yahoo.com>, security@freebsd.org Subject: Re: suid bit files + securing FreeBSD (new program: LockDown) Message-ID: <20030730201400.1708d588.db@traceroute.dk> In-Reply-To: <20030730171658.65834.qmail@web10102.mail.yahoo.com> References: <20030730015431.4120c648.db@traceroute.dk> <20030730171658.65834.qmail@web10102.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Jul 2003 10:16:58 -0700 (PDT) twig les <twigles@yahoo.com> wrote: > I really like the sound of having a shell script to run and lock > down systems right after install (or makeworld upgrade); I was > considering hacking something together myself with my altogether > mediocre scripting skills. Might I suggest that it have a conf > file that sets up a script that we can simply scp to another box > and run without having to have a conf file on that box? Also > can we email you privately with "feature requests" like setting > umask, etc.? Well, LockDown only has two files (the executable and the conf file) and I'm gonna write it in C++, so making the C++ write a second program in a different language (which I don't master) is maybe a little overkill ;-) But feel free to write me. I will start working on LockDown in about 2-3 weeks (I think) and I'll post a notice here when I am "done". > If you run with this I hope you'll post the script somewhere and > tell us so we can tinker with it until it makes it to the ports > or whatever. It makes more sense than me just making a > checklist and following it every time. LockDown is just an automatic security checklist ;-) br socketd
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030730201400.1708d588.db>