From owner-freebsd-questions@FreeBSD.ORG Sat Jul 26 10:33:44 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F265837B401 for ; Sat, 26 Jul 2003 10:33:43 -0700 (PDT) Received: from ns.pro.sk (proxy.pro.sk [195.80.161.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FDA343F93 for ; Sat, 26 Jul 2003 10:33:42 -0700 (PDT) (envelope-from prosa@pro.sk) Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.11.3/8.11.3) with SMTP id h6QHXdE99323; Sat, 26 Jul 2003 19:33:39 +0200 (CEST) (envelope-from prosa@pro.sk) Message-ID: <00f901c3539b$faf803a0$3501a8c0@pro.sk> From: "Peter Rosa" To: References: <00a201c35398$ed1de680$3501a8c0@pro.sk> <200307261322.31656.matthew@starbreaker.net> Date: Sat, 26 Jul 2003 19:33:08 +0200 Organization: PRO, s.r.o. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 cc: FreeBSD Questions Subject: Re: suid bit files and securing FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2003 17:33:44 -0000 Hello Matthew, thank you very much. It's excatly you say. FreeBSD is my option because of "historical reasons". Someone has installed it for me two years ago, and now I love it (he installed it after two hacks and two reinstallations of RedHat Linux [I don't want to say, RHL is not good, but FBSD is better :-) {now I see the storm, like with I'm christian...... mail to this list :-))) } ] ). Wow, such a short sentence I just produced :-) Peter Rosa ----- Original Message ----- From: "Matthew Graybosch" To: "Peter Rosa" Cc: Sent: Saturday, July 26, 2003 7:22 PM Subject: Re: suid bit files and securing FreeBSD > > > Second question is: Has anybody an exact wizard, how to secure > > the FreeBSD machine. Imagine the situation, the only person who > > can do anything on that machine is me, and nobody other. I have > > set very restrictive firewalling, I have removed ALL tty's except > > two local tty's (I need to work on that machine), but there are > > still open port 25 and 53 (must be forever), so someone very > > tricky can compromite my machine. > > > > I'm a little bit paranoic, don't I :-))))))) > > Uhm, yes, you *are* just a wee bit paranoid. But it helps to be > paranoid if you're root on somebody else's machine. Great power and > great responsibility, right? > > But if you're concerned with security uber alles, I'm surprised you > didn't look into OpenBSD first. According to their site > (openbsd.org), they've had "only one remote hole in the default > install, in more than 7 years!" > > FreeBSD certainly can be secured, but it appears that the developers > put performance and reliability first, and then security. Theo de > Raadt puts security first. > > -- > Matthew Graybosch > http://www.starbreaker.net > "I am become root, shatterer of kernels." > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >