Date: Sun, 7 Jun 1998 22:49:19 +0400
From: Alexandre Snarskii <snar@paranoia.ru>
To: Palle Girgensohn <girgen@partitur.se>, Wm Brian McCane <root@bmccane.maxbaud.net>
Cc: isp@FreeBSD.ORG
Subject: Re: nightly security run
Message-ID: <19980607224919.20498@nevalink.ru>
In-Reply-To: <357AD97B.43A50C2E@partitur.se>; from Palle Girgensohn on Sun, Jun 07, 1998 at 08:18:35PM +0200
References: <Pine.BSF.3.96.980607113818.4455A-100000@bmccane.maxbaud.net> <357AD97B.43A50C2E@partitur.se>

On Sun, Jun 07, 1998 at 08:18:35PM +0200, Palle Girgensohn wrote:
> Hello Brian,
> 
> Check out /etc/security. In there, there is a code snippet that runs the
> find command:
> 
> MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'`
> set $MP
> while test $# -ge 1; do
> 	mount=$1
> 	shift
> 	find $mount -xdev -type f \
> 		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
> 		\( -perm -u+s -or -perm -g+s \)  -print0
> done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
> 
> 
> I suggest adding | grep -v "mount point of news..." to the first line if
> you have news on its own partition, which I suppose you do, considering
> the size... :)
> I guess there are a bunch of ways to do it.
An easier way is to mark the newsspool mountpoint as nosuid, as a newsspool
should be anyway (noexec and nodev can be used too - if you don't expect
executable articles in alt/2600 :) )  :)
-- 
Alexandre Snarskii
the source code is included
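
An added example, not part of the original message or of /etc/security: a small audit that lists the ufs filesystems in an fstab that lack a given mount option, so you can see which ones the nightly setuid scan will still walk once the news spool is marked nosuid. The sample fstab, its device names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ufs filesystems in fstab that lack a mount option.
# A filesystem without nosuid is still walked by the nightly find; one with
# nosuid is skipped, matching the grep -v " nosuid" in the quoted snippet.

# Constructed sample fstab (devices and mount points are made up).
sample_fstab() {
cat <<'EOF'
# Device       Mountpoint       FStype  Options                 Dump Pass
/dev/sd0s1a    /                ufs     rw                      1    1
/dev/sd0s1b    none             swap    sw                      0    0
/dev/sd0s1e    /usr             ufs     rw                      2    2
/dev/sd1s1e    /var/spool/news  ufs     rw,nosuid,nodev,noexec  2    2
/dev/sd1s1f    /home            ufs     rw,nodev                2    2
EOF
}

# Read fstab text on stdin and print the mount point of every ufs
# filesystem whose option list does not contain $1 (e.g. nosuid).
missing_option() {
    awk -v want="$1" '
        $1 ~ /^#/ || NF < 4 { next }   # skip comments and malformed lines
        $3 != "ufs"         { next }   # only ufs, as in the nightly script
        {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == want) found = 1
            if (!found) print $2
        }'
}

# Mount points the nightly setuid scan would still traverse.
scanned_by_nightly_run() {
    missing_option nosuid
}

echo "Still scanned for setuid files:"
sample_fstab | scanned_by_nightly_run
echo "ufs filesystems without nodev:"
sample_fstab | missing_option nodev
```

On a real host, feed it the system's own table instead of the sample, for example `missing_option nosuid < /etc/fstab`.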
