Date: Tue, 02 Jan 2001 21:33:56 -0600
From: David Kelly <dkelly@hiwaay.net>
To: "Jason Halbert" <res02jw5@gte.net>
Cc: questions@FreeBSD.ORG
Subject: Re: Security Problem
Message-ID: <200101030333.f033Xup03770@grumpy.dyndns.org>
In-Reply-To: Message from "Jason Halbert" <res02jw5@gte.net> of "Tue, 02 Jan 2001 19:21:44 CST." <006101c07523$8c64df20$566933d8@xps>
"Jason Halbert" writes:

> Is there a way to block an entire host (e.g. *.gtei.net) or a block of
> ip's (e.g. 4.33.*) ? Or is there a way to say that only a certain
> domain or block of ip's can access my system?

See ipfw(8). And the examples in /etc/rc.firewall. You can block an
address, or range of addresses. But you can't block by symbolic domain
name.

> Also, is there a way to block the use of "adduser" or "vipw" or even
> looking at /etc/master.passwd without being the specific user "root".
> Whereas you must be root and not "su" or any other user to see and/or
> use those commands.
>
> I hope that makes sense.

Sort of. Read the man page for su, specifically the difference between
the -m and -l versions. FreeBSD defaults with a shell alias for su of
"su -m". If a user is able to su to root, then that user is able to do a
full login to root where both user-id and effective-user-id are root.

If you are having problems as you seem to be suggesting, then it's likely
you have been root-kit'ed and nothing on your machine can be trusted. Am
saying it's not just the su utility which is a problem. It's time for a
backup, wipe, and re-install from known clean media such as the WC
distribution CDROM. Then audit everything which goes back on the system
from the backup tape. Don't restore anything root would use, use only new
clean copies. Later you can compare the old and new files to determine
the extent of the problem. Tripwire (/usr/ports/security/tripwire*) and
mtree (/usr/sbin/mtree) are helpful in such situations, but only if
applied before the event, not after.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.
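The "baseline before the event, compare after" workflow David describes for mtree, as an added example that is not part of the thread: on FreeBSD the real tool is `mtree -c -K sha256digest -p DIR` to record and `mtree -f SPEC -p DIR` to verify; this portable stand-in uses sha256sum instead so it runs on any POSIX system. Directory and file names in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. A sha256sum-based
# substitute for the mtree -c / mtree -f workflow: record a baseline of
# a directory tree while it is still trusted, then report every file that
# was changed, added, or removed since. Hypothetical usage:
#   baseline_create /usr/sbin > /var/db/usr_sbin.spec    # before
#   baseline_check  /usr/sbin /var/db/usr_sbin.spec      # after

# Emit "sha256  ./relative/path" for every regular file under $1, sorted
# by path so two baselines of an identical tree compare byte-for-byte.
baseline_create() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# Compare the live tree under $1 against the saved baseline file $2.
# Prints one line per CHANGED, ADDED, or MISSING file and returns 1 if
# anything differs, 0 if the tree still matches the baseline exactly.
# (File names containing whitespace are outside what this handles.)
baseline_check() {
    dir=$1; spec=$2
    live=$(mktemp) || return 2
    baseline_create "$dir" > "$live"
    # First pass loads the baseline (hash keyed by path); second pass
    # walks the live listing; END reports baseline paths never seen live.
    report=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }
        {
            if (!($2 in base))       print "ADDED    " $2
            else if (base[$2] != $1) print "CHANGED  " $2
            seen[$2] = 1
        }
        END { for (p in base) if (!(p in seen)) print "MISSING  " p }
    ' "$spec" "$live" | LC_ALL=C sort)
    rm -f "$live"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

As with mtree, the baseline file itself must be kept somewhere the attacker cannot rewrite (removable or read-only media), or the comparison proves nothing.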