Date: Tue, 23 Oct 2001 01:35:35 +0200 (SAST)
From: The Psychotic Viper
To: CS
Cc: Andrew Johns, "freebsd-security@FreeBSD.ORG"
Subject: Re: KLD detectors

Hi again,

On Mon, 22 Oct 2001, CS wrote:

> Hi,
>
> Thanks for the info, I'll test it out on a few I've found (bsd versions of
> adore).
>
> I'm also interested in utilizing securelevels, but I'm still not 100% sure
> that securelevel 1 will actually stop this, as there seem to be a number
> of tools out there to bypass the securelevel restriction. For example:
>
> http://www.s0ftpj.org/en/tools.html
>
> Scroll down to "securelevel bypass":
> http://www.s0ftpj.org/tools/securelvl.tgz

Yes, remember secure levels aren't going to be the all-in-one solution (not
sure if I mentioned it before) but help aid security-aware admins and
provide yet another layer of security. Use them in tandem with FreeBSD's own
security scripts and maybe aide or tripwire to increase security, but any
clue'd up cracker could know ways around either mechanism, which is why the
more the better (but be careful not to kludge the machine down with too much,
as it can become a nightmare too).

> Also, I'm finding myself upgrading bits and pieces of the system more
> often (telnetd, openssh, etc.) and I'm wavering on what exactly I should
> set the "schg" flags on. Most of my machines are remote, and I also don't
> want to revert to NT behaviour of "oh you patched, now you must reboot"...

As for that point, then maybe one of the other alternatives would serve you
better, as you can do upgrades seamlessly if everything works the way it
should. Kernel secure levels make it slightly more difficult to do regular
work on the system. So look into other ways of securing your internal machine
and monitoring and see which suits you best. Best place to start looking
would be /usr/ports/security and around the internet.

HTH

PsyV