Date: Mon, 15 Apr 1996 21:49:12 -0700 (PDT)
From: Jim Dennis <jimd@mistery.mcafee.com>
To: dwhite@resnet.uoregon.edu (Doug White)
Cc: DTURNER@ubt.com, freebsd-questions@FreeBSD.org
Subject: Re: Major oops....
Message-ID: <199604160449.VAA16450@mistery.mcafee.com>
In-Reply-To: <Pine.BSF.3.91.960415164118.23278G-100000@resnet.uoregon.edu> from "Doug White" at Apr 15, 96 04:41:39 pm

>
> On Sat, 13 Apr 1996, DTURNER wrote:
>
> > An intern was working on my freebsd machine today and deleted "Some
> > files by accident..." (yeah right). Anyway whenever I do a restart,
> > the network daemons come up with the following error:
> >
> >    cannot determine local host name.
> >
> > Each message is slightly different; but, they all say the same
> > thing.... some very important file was nuked.
>
> I would check your /etc directory, specifically sysconfig, resolv.conf,
> and hosts.
>
> Doug White

I'd suggest going to your most recent backup and doing a non-overwriting restore of the /etc/ directory or (depending on the nature of the backup system you're doing) getting an index of all the files that have disappeared since your last full backup (systemwide sans /home or /export/home or whatever you use).

I'd also suggest that you review your security policies and implement some rules (no one should log in as root -- anyone who su's to root should run 'script' to record their whole su session, that sort of thing).

This would be a good time for your intern to learn about backups and restore/compare procedures.

It is very easy to remove files by accident (regardless of OS). Some OS' nag you with a million confirmations for every little thing (Windoze) -- and all users learn to hit "yes" to everything (net benefit: nil). Some OS' have a two stage deletion process (delete/remove followed by purge/salvage/commit) (My personal favorite -- problem: filesystems run so close to full so often that the purge/salvage timing window can be very small).

Unix forces you to learn good habits (especially backups and a number in the "type slower and double check" variety) and strongly supports the adoption of system policies (mount everything "read-only" as often as possible -- and only su and remount when absolutely necessary).

I like the chattr/lsattr (advanced attributes feature) in the ext2fs filesystem for linux. I've heard rumors that some other filesystems on other *nix' have similar features. In particular there is an "immutable" option that prevents anyone (root included) from modifying a file in any way.

Basically I am now in the habit of setting that flag on all my /bin, /sbin, /usr/bin, /usr/lib, and similar files. Thus, even as root, I can't remove, overwrite, chown, chmod, or otherwise damage any of my system files.

It doesn't add any security to speak of -- but it does offer my users a level of protection from those nights when I'm here too late (after way too much coffee) and from the occasions that my boss or my Netware supervisor (the only other with root access to these systems) have to make "just one quick change" (which they won't do unless I'm nowhere to be found -- and it's an *emergency*).

So, can we get similar support for FreeBSD?

Jim Dennis,
System Administrator,
McAfee Associates
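
The non-overwriting restore of /etc/ and the index of vanished files suggested in the message above can both be done by comparing a backup archive against the disk and extracting only the members that are missing. This is an added example, not part of the original e-mail; it assumes the backup is a tar archive created relative to the directory it is restored into, and the function names list_missing and restore_missing are hypothetical.

```shell
#!/bin/sh
# Added example: list and restore only the files that vanished since a backup.
# Assumption: the archive was created relative to the restore root, e.g.
#   tar -cf etc.tar -C / etc
# Function names are hypothetical. File names containing newlines are not
# supported.

# Print every non-directory archive member that no longer exists under root.
list_missing() {
    archive=$1
    root=$2
    tar -tf "$archive" | while IFS= read -r member; do
        case $member in
            */) continue ;;   # tar recreates parent directories as needed
        esac
        # -L catches dangling symlinks, which -e alone reports as absent
        if [ ! -e "$root/$member" ] && [ ! -L "$root/$member" ]; then
            printf '%s\n' "$member"
        fi
    done
}

# Extract only the missing members, so files that still exist (and may have
# been edited since the backup) are never overwritten.
restore_missing() {
    archive=$1
    root=$2
    list=$(mktemp) || return 1
    list_missing "$archive" "$root" > "$list"
    status=0
    if [ -s "$list" ]; then
        # -T reads the member names to extract from the list file
        tar -xpf "$archive" -C "$root" -T "$list" || status=$?
    fi
    rm -f "$list"
    return "$status"
}
```

Run list_missing first and review its output before restoring; empty directories that were deleted are not recreated by this sketch.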