From owner-freebsd-security Thu Aug 12 16:21:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from demos.su (mx.demos.su [194.87.0.32]) by hub.freebsd.org (Postfix) with ESMTP id 950DB14E07 for ; Thu, 12 Aug 1999 16:21:07 -0700 (PDT) (envelope-from mishania%yormungandr.demos.su%sinbin.demos.su@kremvax.demos.su) Received: from kremvax.demos.su ([194.87.0.20] verified) by demos.su (CommuniGate Pro SMTP 3.1b7) with ESMTP id 1069994 for freebsd-security@freebsd.org; Fri, 13 Aug 1999 03:20:54 +0400 Received: by kremvax.demos.su (8.6.13/D) from 0@sinbin.demos.su [194.87.5.31] with ESMTP id DAA16719; Fri, 13 Aug 1999 03:20:07 +0400 Received: from yormungandr.demos.su by sinbin.demos.su with ESMTP id DAA26254; (8.6.12/D) Fri, 13 Aug 1999 03:19:06 +0400 Received: (from mishania@localhost) by yormungandr.demos.su (8.9.3/8.9.2) id DAA94236; Fri, 13 Aug 1999 03:18:14 +0400 (MSD) (envelope-from mishania) Date: Fri, 13 Aug 1999 03:18:14 +0400 From: "Mikhail A. Sokolov" To: Tom Brown Cc: "'freebsd-security@freebsd.org'" Subject: Re: "Secure-FreeBSD" Idea Message-ID: <19990813031813.A94114@demos.su> References: <01BEE4A8.6FE3EEC0@beetroot.securify.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <01BEE4A8.6FE3EEC0@beetroot.securify.com>; from Tom Brown on Thu, Aug 12, 1999 at 09:52:48AM -0700 X-Point-of-View: Gravity is myth, - the earth sucks. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Aug 12, 1999 at 09:52:48AM -0700, Tom Brown wrote: # HI, # # Now realistically all this would have to be is a really anal installation process, forcing the user to positively select services such as ftp,telnet, sendmail etc. So if you don't select anything, you can't much. It would also have carefully set UMASKS and probably come with some easy way to get the user to set-up tripwire and ipfw for example. # # I suspect that most of the readers of this list spend a fair amount of time going through the same laborious process of tying down each server they built. How about we pools this vast collection of procedures together and try to build some kind of a security release. We all know (well at least I hope we do!) what a solid O/S FreeBSD is, wouldn't this be the ideal opportunity, to push the OS further into the public eye? Robert Watson has some tools, which are supposed to be bringing standard system install to somewhat more secure state, it was under the idea of 'the freebsd hardening project'. I guess he reads this list and could comment, actually. # # Tom -- -mishania P.S. Please wrap lines when composing mails. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message