From owner-freebsd-security Wed Jan 19 21: 1:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id B243E1520C for ; Wed, 19 Jan 2000 21:01:34 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id AAA71311; Thu, 20 Jan 2000 00:05:37 -0500 (EST) (envelope-from cjc) Date: Thu, 20 Jan 2000 00:05:37 -0500 From: "Crist J. Clark" To: Jonathan Fortin Cc: freebsd-security@FreeBSD.ORG Subject: Re: ssh. Message-ID: <20000120000537.C70698@cc942873-a.ewndsr1.nj.home.com> References: <001001bf6296$359d7030$0900000a@server> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <001001bf6296$359d7030$0900000a@server>; from jonf@revelex.com on Wed, Jan 19, 2000 at 09:59:47AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Jan 19, 2000 at 09:59:47AM -0600, Jonathan Fortin wrote: > > > Hi , > > > PermitRootLogin on or even tcp_wrapper wont help if a user backdoors /bin/login or sshd. > Try to keep track of the files checksum by making a crontab so it can email you once a day. > Just advise.. And someone who breaks in can easily fake that email. My personal solution (I know you are all dying for it)? Make sure root's .ssh directory is watched _very_ closely by Tripwire. Setup Tripewire to use read-only media (e.g. write protected floppy). -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message