From owner-freebsd-security Wed Aug 16 16:30:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0CEBB37BBB6; Wed, 16 Aug 2000 16:30:51 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id QAA28944; Wed, 16 Aug 2000 16:30:50 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 16 Aug 2000 16:30:50 -0700 (PDT) From: Kris Kennaway To: Mike Silbersack Cc: security@freebsd.org Subject: Re: Hilighting dangerous ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 16 Aug 2000, Mike Silbersack wrote: > Any way this could be mailed to root as well, or incorporated into that > day's security log? I find when I'm installing ports, I tend to zoom by > all the messages. However, if the info was (in addition) mailed to me, > I'd be more likely to pay attention. The setuid files will show up in the daily report. More useful than reporting startup scripts would probably be a list of current programs which are listening on sockets (from sockstat or whatever) - or do you think etc/rc.d changes are also worthwhile? I've got an improved /etc/security script which I'm working on at the moment - I'll look at optionally adding this to the report as well. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message