Date: Sat, 11 Mar 2000 16:13:02 -0800
From: Bengt Richter <bokr@accessone.com>
To: freebsd-security@freebsd.org
Subject: is there a paranoia script ?
Message-ID: <3.0.5.32.20000311161302.00931af0@mail.accessone.com>
I would like a simple centralized interactive (if -i) way to make sure all the "doors" in my system are set to defined states for different modes of operation. By "doors" I mean various means of access to resources, e.g., fire-wall-controlled access, other daemon-controlled access, file-permission-controlled access, etc.

Is there a configurable script that can make transitions gracefully (including restore to prev state if interrupted), without shutting down, along the lines of the following? (guided by paranoia.conf)

paranoia -q
    check all "doors" quietly and make and log any necessary changes to conform to paranoia.conf defaults (good double-check at end of startup?)

paranoia -s
    print status of all monitored "doors" to stdout

paranoia -i [ -O | -C ]
    walk through all "doors" in default mode list in paranoia.conf and give option to "open" or "close" each. "-O" would just walk the default open list (the ones that "should be" open), and "-C" would walk the should-be-closed list for optional change.

paranoia [ -i | -s ] [ -O | -C ] -m modeName
    same as above but for an alternate set of defaults in paranoia.conf tagged with "modeName"

This would make for easy change between modes defining selective lockouts such as external net, local net, shared resources, etc. crontab could let you define hacker curfew times (e.g., by defining a mode with DSL/cable walled out), which you could interactively override if you get in early (and have priv to run paranoia), etc.

This would also make it easier to experiment with toggling combinations of experimental restrictions on file/directory access, etc., with less risk of forgetting to restore something (assuming you defined opened/closed properly in paranoia.conf).

This is a sketch of functionality that I'd like in one easy to use script. I'm guessing someone has had this itch before, and scratched it?
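An added sketch of the -s and -q behaviour described in the message above, written for this page and not taken from the original mail or from any existing tool. It covers file-permission "doors" only; the paranoia.conf line format, the function names and the journal file are assumptions made for the example.

```shell
# Added sketch: handles file-permission "doors" only.
# Assumed paranoia.conf line format (hypothetical, not from the original mail):
#   mode  wanted-state(open|closed)  open-perm  closed-perm  /absolute/path

# Print open, closed or unknown for one door, by exact permission match.
door_state() {  # args: path open-perm closed-perm
    if [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; then echo open
    elif [ -n "$(find "$1" -prune -perm "$3" 2>/dev/null)" ]; then echo closed
    else echo unknown
    fi
}

# paranoia -s -m mode: one status line per door in the given mode.
paranoia_status() {  # args: conf mode
    grep -v '^#' "$1" | while read -r mode want operm cperm path; do
        [ "$mode" = "$2" ] || continue
        echo "$path $(door_state "$path" "$operm" "$cperm") want=$want"
    done
}

# paranoia -q -m mode: make doors conform, log each change, and journal the
# previous permission first so an interrupted run can be undone.
paranoia_check() {  # args: conf mode journal
    : > "$3"
    grep -v '^#' "$1" | while read -r mode want operm cperm path; do
        [ "$mode" = "$2" ] || continue
        have=$(door_state "$path" "$operm" "$cperm")
        [ "$have" = "$want" ] && continue
        case "$have:$want" in
            closed:open) old=$cperm new=$operm ;;
            open:closed) old=$operm new=$cperm ;;
            *) echo "skipped $path: state $have, review by hand"; continue ;;
        esac
        echo "$old $path" >> "$3"
        chmod "$new" "$path" && echo "changed $path $have -> $want"
    done
}

# Put back every permission recorded in the journal.
paranoia_restore() {  # args: journal
    while read -r perm path; do chmod "$perm" "$path"; done < "$1"
}

# Minimal front end: paranoia.sh -s|-q conf [mode]; does nothing without arguments.
case "${1:-}" in
    -s) paranoia_status "$2" "${3:-default}" ;;
    -q) journal=$(mktemp) || exit 1
        trap 'paranoia_restore "$journal"; exit 1' INT TERM
        paranoia_check "$2" "${3:-default}" "$journal" ;;
esac
```

A door whose permissions match neither the configured open nor closed value is reported and left alone, since its previous state could not be journaled for a restore.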