From owner-freebsd-audit Thu Dec 2 8:21:44 1999 Delivered-To: freebsd-audit@freebsd.org Received: from tank.skynet.be (tank.skynet.be [195.238.2.35]) by hub.freebsd.org (Postfix) with ESMTP id 8486114EEE; Thu, 2 Dec 1999 08:21:34 -0800 (PST) (envelope-from root@foxbert.skynet.be) Received: from foxbert.skynet.be (foxbert.skynet.be [195.238.1.45]) by tank.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id RAA23797; Thu, 2 Dec 1999 17:21:22 +0100 (MET) Received: (from root@localhost) by foxbert.skynet.be (8.9.1/jovi-pop-2.1) id RAA28073; Thu, 2 Dec 1999 17:21:17 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@foxbert.skynet.be Message-Id: In-Reply-To: <384691C6.347BE836@manhattanprojects.com> References: <384691C6.347BE836@manhattanprojects.com> Date: Thu, 2 Dec 1999 16:44:02 +0100 To: Gerald Abshez , Kris Kennaway From: Brad Knowles Subject: Re: Auditing ports Cc: audit@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 10:35 AM -0500 1999/12/2, Gerald Abshez wrote: > While I'm all in favour of making _everything_ secure, I feel we > have to concentrate on the core functionality. Let's not put the > cart before the horse - The base system should be fully eyeballed > before we get all of the ports done. In so far as this goes, I agree -- we need to focus on /usr/src first (setXid stuff before non-setXid?), then we can worry about the ports. However, that said, if we've got automated tools that we can use to help us in this process, then there's no harm in firing them off at the ports in addition to the stuff under /usr/src. But first things first -- we need to define the procedures we're going to use, identify the tools that will help us implement these procedures, identify the most critical targets that should be audited before anything else, etc.... -- These are my opinions -- not to be taken as official Skynet policy ____________________________________________________________________ |o| Brad Knowles, Belgacom Skynet NV/SA |o| |o| Systems Architect, News & FTP Admin Rue Col. Bourg, 124 |o| |o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels |o| |o| http://www.skynet.be Belgium |o| \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ Unix is like a wigwam -- no Gates, no Windows, and an Apache inside. Unix is very user-friendly. It's just picky who its friends are. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message