Date: Fri, 16 Mar 2001 12:11:58 +0100
From: Ashley Penney <ashp@unloved.org>
To: freebsd-security@freebsd.org
Subject: Re: What's vunerable?
Message-ID: <20010316121158.A17693@daphne.unloved.org>
In-Reply-To: <3AB1DBF9.C721E3D6@vianetworks.co.uk>; from peterm@vianetworks.co.uk on Fri, Mar 16, 2001 at 09:25:13AM +0000
References: <3AB1DBF9.C721E3D6@vianetworks.co.uk>

On Fri, Mar 16, 2001 at 09:25:13AM +0000, Peter McGarvey said:
> I've just inherited several FreeBSD boxes. The versions range from
> 3.2_RELEASE to 4.1_RELEASE.
>
> On the BSD boxes I already maintain I cvsup and make world on a monthly
> basis - or as soon as I see a CERT advisory that I know relates to
> something that can bite. But the inherited boxes need a lot of work,
> and I cannot guarantee to "The Powers That Be" that a make world won't
> break the box.
>
> What I really need to know is what vulnerabilities exist on each box -
> so that I can present the boss with a risk assessment, and make him
> decide if the box stays as is, or gets a make world.
>
> So any advice anyone can give me, on how to find out what's vulnerable
> with any particular FreeBSD version, would be greatly appreciated.

One suggestion I would have is to pop to www.nessus.org, and use the
scanner they provide. It can output reports in HTML and so forth, with
pretty graphics for PHBs. However, it can sometimes trigger false
alarms, so I'd run it against the boxes, and check the results by hand.

[I've found this very useful when I suddenly get thrown into 500 boxes,
all running different versions of OSes.]

--
"I think our users are a lazy bunch of elitist snobs when it comes to
advocacy." -- Poul-Henning Kemp on the FreeBSD community.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010316121158.A17693>