Date: Wed, 30 Jul 1997 09:50:56 -0500 (EST) From: Shashi Joshi <shashi@shift-f1.com> To: molter@logic.it (Marco Molteni) Cc: vince@mail.MCESTATE.COM, security@FreeBSD.ORG, mario1@PrimeNet.Com Subject: So, lets have a checklist compiled (was Re: Security hole) Message-ID: <199707301450.JAA25877@shift-f1.com> In-Reply-To: <Pine.BSF.3.91.970730134009.197A-100000@dumbwinter.ecomotor.it> from Marco Molteni at "Jul 30, 97 02:04:33 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
As Marco Molteni said -> > There's a thing really I can't understand in all this thread. > Nobody said: > "Vince, we're sorry about what happened to you. Probably you did something > stupid, but _everybody_ has to learn his lesson the hard way. > Here you are a a checklist of books, programs and ideas to follow to > improve the security of your site." > > No, everybody started to flame at him! Why? Because he choosed as his > subject line: "security hole in FreeBSD" instead of "I'm a sucker > please you security wizards help me" ? > > Do you think one can be a newcomer as an administrator, but _has_ to know > everything about security before he starts to work? Come on! Exactly my thoughts. So, do we get a checklist or reference list from the gurus? I am also a bit new to the sys admin duties. I have taken the time to read the FreeBSD book that came with the CD (which doesn't help much in the security area), read a UNIX sysadmin book (Nemeth, Snyder etc the Red Book) but it too has its limitations. We don't have external user logins, so the risks are much less, but I would always like to learn because soon we will be "out there". Another netter mentioned about FreeBSD should ship with some documentation, scripts that tell us (about the system files and directories) what are the files associated with "feature" A or "service" B (e.g. uucp), which files need to be setuid for what functionality. Here is an example. (I know you gurus will laugh, but it was my 3rd day only). Realizing that sbin dirs are for sysadmin related files, I made the */sbin as -r-xr-x--- and group being wheel or bin as appropriate. Now, after a few weeks!! I realised that I am not able to send out any mail. I had been receiving mail like anything, my elm session also didn't complain when I sent out email. Finally I checked the logs and found nothing, not a trace of a mail sent out. So I checked to see `which sendmail` and it was /usr/sbin/sendmail So I had to give r-x permissions to it to the world. Now why would sendmail be in sbin when it is not purely a sysadmin tool only? My point? Having a document or a checklist would be real helpful to newbies and can serve as a quick reference for the gurus. regards, -- Shashi Joshi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707301450.JAA25877>