From owner-freebsd-security Sat Sep 16 9:32:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id E28ED37B42C for ; Sat, 16 Sep 2000 09:32:39 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id JAA11095 for ; Sat, 16 Sep 2000 09:32:39 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda11089; Sat Sep 16 09:32:25 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id JAA71830 for ; Sat, 16 Sep 2000 09:32:25 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdz71827; Sat Sep 16 09:32:16 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e8GGWGO42682 for ; Sat, 16 Sep 2000 09:32:16 -0700 (PDT) Message-Id: <200009161632.e8GGWGO42682@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdK42677; Sat Sep 16 09:31:42 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1-RELEASE X-Sender: cy To: freebsd-security@freebsd.org Subject: Option 3 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 16 Sep 2000 09:31:41 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org A blind carbon copy of this note has been sent to freebsd-arch for those who have subscribed to freebsd-arch and are not subscribed to freebsd-security. Here is the script I eluded to in Option 3 in the freebsd-arch discussion about Rsh/Rlogin/Rcmd & friends. I've used various forms of this script for over 7 years on various UNIX platforms. Use it and modify it as you see fit. It uses Klaxon, a port monitor, to replace and monitor disabled services. You can disable the service without the use of Klaxon. Enclosed are two versions of the script, a civilized version and a Draconian version. Version 1: #!/usr/bin/awk -f $1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 ~ /sbin/ && $7 !~ /identd/ {print "#==# " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $7 "\t" $8 " " $9} $1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 !~ /sbin/ && $7 !~ /identd/ {print "#==# " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $6 "\t" $8 " " $9} $1 != "time" && $6 == "internal" {print "#==# " $0} $1 == "time" {print $0} $1 ~ /^#/ || $6 ~ /tcpd/ || $7 ~ /identd/ {print $0} Version 2: #!/usr/bin/awk -f $1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && ( $6 ~ /ftpd/ || $6 ~ /telnetd/ || $6 ~ /rshd/ || $6 ~ /rlogind/ || $6 ~ /rexecd/ || $6 ~ /uucpd/ || $6 ~ /fingerd/ || $6 ~ /tftpd/ || $6 ~ /talkd/ || $6 ~ /rstatd/ || $6 ~ /rusersd/ || $6 ~ /walld/ || $6 ~ /bootps/ || $6 ~ /bootpd/ ) {print "#==# " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/libexec/klaxon.i dent\tklaxon " $1} $1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 ~ /sbin/ {print "#==# " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $7 "\t" $8 " " $9} $1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 !~ /sbin/ {print "#==# " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $6 "\t" $8 " " $9} $1 !~ /^#/ && $6 == "internal" {print "#==# " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/libexec/klaxon.i dent\tklaxon " $1} $1 ~ /^#/ || $6 ~ /tcpd/ {print $0} Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message