From owner-freebsd-security Fri Jul 14 14:44: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id A5D4137C1FA for ; Fri, 14 Jul 2000 14:43:52 -0700 (PDT) (envelope-from matt@ARPA.MAIL.NET) Received: (qmail 76182 invoked by uid 1000); 14 Jul 2000 21:43:48 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 14 Jul 2000 21:43:48 -0000 Date: Fri, 14 Jul 2000 17:43:46 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Bengt Richter Cc: freebsd-security@FreeBSD.ORG Subject: Re: RFC for Advisories? (Was Re: Newer/Two kinds of advisories?) In-Reply-To: <3.0.5.32.20000714142038.00908650@mail.accessone.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Jul 2000, Bengt Richter wrote: ... : Ideally, one could visualize logging in and seeing an automatically edited : MOTD : or additional message something like: : : "NOTICE: vulnscand has received and authenticated advisory , : and has (per vulnscand.conf auto option) disabled execution of : / : due to a level 7.2 ('Immediate Action Urgent') vulnerability. : Type vulnscan -i for full info." Can I just say: "wow" - I like this alot, alot, alot, and .. you get the idea. This would just be wonderful, being that we're all human and don't always see an advisory the minute it comes out, I'm sure we've all had a system running something vulnerable for a good 12-24 hours because of that, something like this would.. Really set us apart. : The RFC should not exclude the possibility of an NT-based vulnscand.exe : service : whereby possibly seeing something relevant to NT in the security log of the : NT event viewer, with automated email to the system administrator. *nods* : For those writing cgi for score-keeping web presentation, perhaps a simple : numeric scale of seriousness like the earth quake Richter (no relation :) : scale would help keep things in perspective. What do you mean no relation? Come on, I can't be the only one invisoning a building (read; system) falling down, can I? :) : HTIU (Hope this is useful) I should hope so, time for me to go ponder about the possibility and get my hopes up for some reason :) : Regards, : Bengt Richter * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5b4mTdMMtMcA1U5ARAoBKAJ9Wt8zgvQsdNbHMT7NhM9j/MppjAwCg0pty 8+jHAOEOnj+PEC3NeCdrV54= =PVn+ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message