From: Don Lewis
Message-Id: <199806090109.SAA19811@salsa.gv.tsc.tdk.com>
Date: Mon, 8 Jun 1998 18:09:58 -0700
In-Reply-To: Palle Girgensohn "Re: nightly security run" (Jun 7, 8:18pm)
To: Palle Girgensohn, Wm Brian McCane
Subject: Re: nightly security run
Cc: isp@FreeBSD.ORG
Sender: owner-freebsd-isp@FreeBSD.ORG

On Jun 7, 8:18pm, Palle Girgensohn wrote:
} Subject: Re: nightly security run
} Hello Brian,
}
} Check out /etc/security. In there, there is a code snippet that runs the
} find command:
}
} MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'`
} set $MP
} while test $# -ge 1; do
}         mount=$1
}         shift
}         find $mount -xdev -type f \
}                 \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
}                 \( -perm -u+s -or -perm -g+s \) -print0
} done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
}
}
} I suggest adding | grep -v "mount point of news..." to the first line if
} you have news on its own partition, which I suppose you do, considering
} the size... :)
}

I guess there are a bunch of ways to do it. I'd recommend mounting that
filesystem (and any other filesystems that shouldn't contain suid
executables) nosuid. Then you don't have to tweak /etc/security and the
security of your system is enhanced because crackers have fewer places
to hide suid executables.
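
One way to check the nosuid recommendation above against fstab contents, as an added example that is not part of the original message or of /etc/security. The sample fstab, its device names and mount points, and the function name missing_nosuid are constructed for illustration.

```shell
#!/bin/sh
# Added example: report data filesystems whose fstab entry lacks nosuid.

# Constructed sample fstab (device names and mount points are illustrative).
SAMPLE_FSTAB='# Device      Mountpoint  FStype  Options    Dump  Pass#
/dev/sd0a     /           ufs     rw         1     1
/dev/sd0s1f   /usr        ufs     rw         2     2
/dev/sd1s1e   /var/news   ufs     rw         2     2
/dev/sd1s1f   /home       ufs     rw,nosuid  2     2
/dev/sd0b     none        swap    sw         0     0'

# missing_nosuid FSTAB_TEXT MOUNTPOINT...
# Prints each listed mount point whose ufs entry lacks the nosuid option,
# or "<mountpoint> (no entry)" when fstab has no ufs entry for it.
missing_nosuid() {
    fstab=$1; shift
    for mp in "$@"; do
        printf '%s\n' "$fstab" | awk -v mp="$mp" '
            $1 ~ /^#/ || NF < 4 { next }        # skip comments and short lines
            $2 == mp && $3 == "ufs" {
                found = 1
                n = split($4, opt, ",")         # options are comma-separated
                for (i = 1; i <= n; i++)
                    if (opt[i] == "nosuid") ok = 1   # exact token, not substring
            }
            END {
                if (!found) print mp " (no entry)"
                else if (!ok) print mp
            }'
    done
}

# Mount points that should never hold setuid executables (assumed list).
missing_nosuid "$SAMPLE_FSTAB" /var/news /home
```

Any mount point it prints is still walked by the find loop in /etc/security and can still hold working setuid executables; adding nosuid to the Options field and remounting takes it out of both categories.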