Date: Tue, 29 Feb 2000 13:42:14 -0600 From: "Jeffrey J. Mountin" <jeff-ml@mountin.net> To: Andrey Novikov <scriber@webclub.ru>, freebsd-security@FreeBSD.ORG Subject: Re: schg flag Message-ID: <3.0.3.32.20000229134214.00804590@207.227.119.2> In-Reply-To: <00022921443000.05868@novikov.web2000.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:40 PM 2/29/00 +0300, Andrey Novikov wrote: >Hello, > >It seems to me that it will be more secure for my >public server to say at least: > >chflags schg /bin/* >chflags schg /sbin/* >chflags schg /usr/bin/* >chflags schg /usr/sbin/* >chflags schg /usr/local/bin/* >chflags schg /usr/local/sbin/* > >to prevent any troyans in my system binaries, am I wrong? >Would it confuse future makeworlds on that system? Prevent trojans, depends. Makeworld, no. Installworld, yes. Without getting into an often discussed topic, you forgot some dirs and should consider "ro" flags for mounting /usr and a higher securelevel. Also moving services to other servers that do not allow telnet/ssh. Many paths. Read up and choose one. Jeff Mountin - jeff@mountin.net Systems/Network Administrator FreeBSD - the power to serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.20000229134214.00804590>