Date: Mon, 8 Jun 1998 18:09:58 -0700
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Palle Girgensohn <girgen@partitur.se>, Wm Brian McCane <root@bmccane.maxbaud.net>
Cc: isp@FreeBSD.ORG
Subject: Re: nightly security run
Message-ID: <199806090109.SAA19811@salsa.gv.tsc.tdk.com>
In-Reply-To: Palle Girgensohn <girgen@partitur.se> "Re: nightly security run" (Jun 7, 8:18pm)

On Jun 7, 8:18pm, Palle Girgensohn wrote:
} Subject: Re: nightly security run
} Hello Brian,
}
} Check out /etc/security. In there, there is a code snippet that runs the
} find command:
}
} MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'`
} set $MP
} while test $# -ge 1; do
} mount=$1
} shift
} find $mount -xdev -type f \
} \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
} \( -perm -u+s -or -perm -g+s \) -print0
} done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
}
}
} I suggest adding | grep -v "mount point of news..." to the first line if
} you have news on its own partition, which I suppose you do, considering
} the size... :)
} I guess there are a bunch of ways to do it.
I'd recommend mounting that filesystem (and any other filesystems that
shouldn't contain suid executables) nosuid. Then you don't have to
tweak /etc/security and the security of your system is enhanced because
crackers have fewer places to hide suid executables.
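
Added example, not part of the original message and not FreeBSD's own /etc/security code: a sh script that reuses the quoted `nosuid` filter to list the filesystems the nightly run still scans, then flags those that hold no setuid/setgid executables as candidates for a `nosuid` mount. The sample mount output, its exact format, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message or FreeBSD's /etc/security.

# Constructed sample of `mount -t ufs` output (format is an assumption).
SAMPLE_MOUNT='/dev/wd0s1a on / (local)
/dev/wd0s1f on /usr (local)
/dev/wd0s1g on /var/news (local, nosuid)'

# Read mount output on stdin; print mount points NOT mounted nosuid,
# using the same filter as the /etc/security snippet quoted above.
suid_capable_mounts() {
    grep -v ' nosuid' | awk '{ print $3 }'
}

# Print executable setuid/setgid regular files under $1, staying on that
# filesystem (-xdev). Octal modes are used for portability across finds.
find_suid() {
    find "$1" -xdev -type f \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Read mount points on stdin; classify each one.
nosuid_candidates() {
    while read -r mp; do
        n=$(find_suid "$mp" | wc -l | tr -d ' ')
        if [ "$n" -eq 0 ]; then
            echo "candidate $mp"
        else
            echo "keep-suid $mp ($n files)"
        fi
    done
}

# Demo on the constructed sample: only / and /usr still get scanned nightly.
printf '%s\n' "$SAMPLE_MOUNT" | suid_capable_mounts
# On a live system: mount -t ufs | suid_capable_mounts | nosuid_candidates
```

A filesystem reported as `candidate` has nothing the nightly scan would list, so adding `nosuid` to its mount options removes it from the scan without hiding any existing setuid file.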
