Date: Sun, 27 Jul 2003 18:55:32 +0200
From: Socketd <db@traceroute.dk>
To: hawkeyd@visi.com, security@freebsd.org
Subject: Re: suid bit files + securing FreeBSD (new program: LockDown)
Message-ID: <20030727185532.70c0b4b9.db@traceroute.dk>
In-Reply-To: <20030727152923.GA14224@sheol.localdomain>
References: <00d601c3539a$91576a40$3501a8c0@pro.sk>
    <20030726235710.GD4105@cirb503493.alcatel.com.au>
    <20030727132847.5adc6b07.db@traceroute.dk>
    <20030727112933.GA6135@sheol.localdomain>
    <20030727143600.1517c588.db@traceroute.dk>
    <20030727125136.GA6810@sheol.localdomain>
    <20030727155239.3205a60b.db@traceroute.dk>
    <20030727152923.GA14224@sheol.localdomain>

On Sun, 27 Jul 2003 10:29:23 -0500
D J Hawkey Jr <hawkeyd@visi.com> wrote:

> > LockDown could search for ALL suid and gid files and set the
> > permissions according to the conf file, the files not listed there
> > would be disabled (or set to a user specified default)...
>
> Now you're thinking along the lines I'm thinking. Something of a
> system hyper- or super-visor.

Well, I don't know if we are thinking along the same lines. LockDown is not meant to be an IDS or system monitor program, just a quick secure setup helper.

> I do like the idea of checking /etc... maybe... using cksum(1), or
> something like that. I currently use local periodic(8) scripts,
> similar to /etc/periodic/daily/2*, that back up /etc, /etc/mail, and
> /etc/namedb.

By /etc support I meant options like rc_conf, login_class and openssh for "all" files in /etc.

> NOTE: I'm not a committer! I only mention the possibility; I can't
> make it so.

Hehe, I know :-)

> I've gotten pretty fluent with sh(1), awk(1), and sed(1). I could
> pro'lly write what you envision in a shell script. I wouldn't want to
> re-write a C++ program though; I'm not well versed in C++'s "nuances".

The program is really easy to write since it only changes file permissions and adds text to some files in /etc (and other easy to write stuff).

br
socketd
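
The search-and-reset idea quoted in this message, sketched in sh(1) as an added example (it is not part of the e-mail and is not LockDown's code). The conf format, the function name `lockdown_plan` and the conf path in the usage comment are assumptions; the function is a dry run that only prints the chmod commands it would issue.

```shell
#!/bin/sh
# Added example, not LockDown's own code.
# Assumed (hypothetical) conf format, one entry per line:
#   <absolute path> <octal mode>
# Lines starting with '#' are comments.

# lockdown_plan ROOT CONF
# Walks ROOT for regular files with the setuid or setgid bit and prints,
# for each one, the chmod command that would bring it in line with CONF.
# Files not listed in CONF get the default action: strip both bits.
# Nothing on disk is changed.
lockdown_plan() {
    root=$1
    conf=$2
    # -xdev keeps the walk on one file system; -perm -4000 is setuid,
    # -perm -2000 is setgid.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # Exact match on the path field; first matching entry wins.
        mode=$(awk -v p="$f" '$1 == p { print $2; exit }' "$conf")
        case $mode in
            '')
                # Not listed: disable the suid/sgid bits.
                printf 'chmod ug-s %s\n' "$f" ;;
            *[!0-7]*|?|??|?????*)
                # Listed, but the mode is not 3 or 4 octal digits:
                # refuse to act on it rather than guess.
                printf '# bad mode "%s" for %s, skipped\n' "$mode" "$f" ;;
            *)
                printf 'chmod %s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Usage (conf path is a placeholder):
#   lockdown_plan / /path/to/lockdown.conf
```

Review the printed plan before piping it to sh(1); an unlisted setuid binary that the system depends on would lose its bit under the default action.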