From owner-freebsd-security  Fri Mar 16  3:10:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from daphne.unloved.org (daphne.unloved.org [62.58.62.165])
	by hub.freebsd.org (Postfix) with ESMTP id DDD6E37B719
	for <freebsd-security@freebsd.org>; Fri, 16 Mar 2001 03:10:21 -0800 (PST)
	(envelope-from ashp@unloved.org)
Received: by daphne.unloved.org (Postfix, from userid 1001)
	id AB7D31176B; Fri, 16 Mar 2001 12:11:58 +0100 (CET)
Date: Fri, 16 Mar 2001 12:11:58 +0100
From: Ashley Penney <ashp@unloved.org>
To: freebsd-security@freebsd.org
Subject: Re: What's vunerable?
Message-ID: <20010316121158.A17693@daphne.unloved.org>
Mail-Followup-To: Ashley Penney <ashp@unloved.org>,
	freebsd-security@freebsd.org
References: <3AB1DBF9.C721E3D6@vianetworks.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3AB1DBF9.C721E3D6@vianetworks.co.uk>; from peterm@vianetworks.co.uk on Fri, Mar 16, 2001 at 09:25:13AM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Mar 16, 2001 at 09:25:13AM +0000, Peter McGarvey said:
> I've just inherited several FreeBSD boxes.  The versions range from
> 3.2_RELEASE to 4.1_RELEASE.
> 
> On the BSD boxes I already maintain I cvsup and make world on a monthly
> basis - or as soon as I see a CERT advisory that I know relates to
> something that can bite.  But the inherited boxes need a lot of work,
> and I cannot guarantee to "The Powers That Be" that a make world wont
> break the box.
> 
> What I really need to know is what vulnerabilities exist on each box -
> so that I can present the boss with a risk assessment, and make him
> decide if the box stays as is, or gets a make world.
> 
> So any advice anyone can give me, on how to find out what's vunerable
> with any particular FreeBSD version, would be greatly appreciated.
 
One suggestion I would have is to pop to www.nessus.org, and use the
scanner they provide.  It can output reports in HTML and so forth, with
pretty graphics for PHB's.  However, it can sometimes trigger false
alarms so I'd run it against the boxes, and check the results by hand.

[I've found this very useful when I suddenly get thrown into 500 boxes,
all running different versions of OS's.]

-- 
"I think our users are a lazy bunch of elitist snobs when it comes to
advocacy."  -- Poul-Henning Kemp on the FreeBSD community.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message