From owner-freebsd-security Fri May 8 22:39:07 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA27403 for freebsd-security-outgoing; Fri, 8 May 1998 22:39:07 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fang.cs.sunyit.edu (perlsta@fang.cs.sunyit.edu [192.52.220.66]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA27393 for ; Fri, 8 May 1998 22:39:01 -0700 (PDT) (envelope-from perlsta@fang.cs.sunyit.edu)
Received: from localhost (perlsta@localhost) by fang.cs.sunyit.edu (8.8.5/8.7.3) with SMTP id AAA26320; Sat, 9 May 1998 00:39:09 GMT
Date: Sat, 9 May 1998 00:39:09 +0000 (GMT)
From: Alfred Perlstein
To: Nicholas Charles Brawn
cc: Sanjit Roy, freebsd-security@FreeBSD.ORG
Subject: Re: how safe is FreeBSD 2.2.5
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

there were a few problems with the "stock" 2.2.5 release in terms of
security. the 2.2.6 release is much better from what i've heard.

you also have the option of installing a 2.2.5 machine and cvsuping, or
downloading a "SNAP" release of a later dated 2.2.6 release.

i think you should look at: (ftp URLS)
releng22.freebsd.org (not sure about this one)
current.freebsd.org (this one is most likely around)
and of course:
ftp.freebsd.org

you can get SNAP releases from those sites.

-Alfred

On Sat, 9 May 1998, Nicholas Charles Brawn wrote:

>
> [moving this to freebsd-security]
>
> On Sat, 9 May 1998, Sanjit Roy wrote:
>
> > I need some advice regarding the security level in FreeBSD. Lately, a
> > lot of students in my university campus have been into hacking activity.
> > I have a Linux (kernel 1.2.8) system on one of my mail gateways and it's
> > a piece of cake becoming 'root' on that machine. I immediately need to
> > upgrade that to either REDHAT Linux 5.0 or FreeBSD 2.2.5. I have both
> > the flavours of unix available with me.
> >
> > What I want to know is :
> >
> > 1. which of the two is more secure?
>
> As always this is a debatable topic. What it comes down to is the security
> features incorporated and/or available with the OS, the attitude of the
> developers to fixing bug and/or security problems, and above all, the
> skill of the person administrating the machine (in securing it).
>
> I think you should go with FreeBSD. :)
>
> > 2. Is shadow util really effective in Linux. Don't know if there's one
> > in FreeBSD?
>
> Haven't used linux in a while so I couldn't help you there. But FreeBSD
> has shadowing incorporated from the get-go. The two files, or rather
> four(?) you have in FreeBSD are:
>
> /etc/passwd (shadowed).
> /etc/master.passwd (root-only readable file with the passwords md5'd).
> /etc/pwd.db (something I haven't really looked into, but it contains
> gecos-related information).
> /etc/spwd.db (root-only readable file containing information similar to
> above but also password strings).
>
> > 3. what do i have to do/install to make my system secure i.e, what are
> > the available patches and where do i get them?
>
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT.
>
> >
> > Hoping to hear from you soon.
> > Sanjit.
> > fiber@phy.iitkgp.ernet.in
> >
>
> regards,
> Nicholas Brawn
>
> --
> Email: ncb05@uow.edu.au - DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
> http://rabble.uow.edu.au/~nick - public key available on request.
> Nicholas Brawn - Computer Science Undergraduate, University of Wollongong.
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message