From owner-freebsd-questions@FreeBSD.ORG Sat Jul 26 10:11:51 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0938637B404 for ; Sat, 26 Jul 2003 10:11:51 -0700 (PDT) Received: from ns.pro.sk (proxy.pro.sk [195.80.161.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31A1443FB1 for ; Sat, 26 Jul 2003 10:11:49 -0700 (PDT) (envelope-from prosa@pro.sk) Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.11.3/8.11.3) with SMTP id h6QHBlE99240 for ; Sat, 26 Jul 2003 19:11:48 +0200 (CEST) (envelope-from prosa@pro.sk) Message-ID: <00a201c35398$ed1de680$3501a8c0@pro.sk> From: "Peter Rosa" To: "FreeBSD Questions" Date: Sat, 26 Jul 2003 19:11:16 +0200 Organization: PRO, s.r.o. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Subject: suid bit files and securing FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2003 17:11:51 -0000 Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to find-out which files ALREADY HAS suid-bit set. But what files REALLY MUST have it ? I know generalities, as e.g. shell should never have suid bit set, but what if someone has copied any shell to some other location and have set the suid bit ? It's security hole, isn't it ? And what if I have more such files on my machine ? It is not about my machine has been compromited, it is only WHAT IF... -------------------------------------------- Second question is: Has anybody an exact wizard, how to secure the FreeBSD machine. Imagine the situation, the only person who can do anything on that machine is me, and nobody other. I have set very restrictive firewalling, I have removed ALL tty's except two local tty's (I need to work on that machine), but there are still open port 25 and 53 (must be forever), so someone very tricky can compromite my machine. I'm a little bit paranoic, don't I :-))))))) Cheers, Peter Rosa