From owner-freebsd-security Mon Nov 1 13:47:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from sneakerz.org (sneakerz.org [208.176.135.226]) by hub.freebsd.org (Postfix) with SMTP id 2912114E2A for ; Mon, 1 Nov 1999 13:47:37 -0800 (PST) (envelope-from dave@sneakerz.org)
Received: (qmail 8520 invoked by uid 1004); 27 Oct 1999 05:32:18 -0000
Date: Tue, 26 Oct 1999 22:32:18 -0700
From: "Dr. Dave"
To: "Jean-Pierre H. Dumas"
Cc: FreeBSD-Security@freebsd.org
Subject: Re: Security tests
Message-ID: <19991026223218.B8498@sneakerz.org>
References: <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>; from Jean-Pierre H. Dumas on Tue, Oct 26, 1999 at 04:36:35PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Oct 26, 1999 at 04:36:35PM +0200, Jean-Pierre H. Dumas wrote:
> This is to verify the security of a FreeBSD 3.2
> server I am installing. To be used as a POP3 toaster,
> with qmail and vmailmgr.
>
> I installed and ran COPS (a really old one).
> It screamed at me about the /var/spool/uucppublic
> directory as being *world* writable.
> It barfed on the passwd and group having the wrong
> number of fields (I assume this is because of the
> use of perl 5 vs perl 3 at the time of creation
> of COPS, something like @_ changed meaning ?)
> Question: is the permission of /var/spool/uucppublic
> correct once in drwxrwxr-x ? (I do not use uucp,
> but...)

Cops is VERY old and outdated. If you would like some more recent
security tools, visit http://www.securityfocus.com, they also have a
bug tracking archive that you can search through by OS. Keeping
security on a system is a lot more than installing the packages from
/usr/ports/security.

> Question: What can I do more to have a realistic
> report about this server's security ?

If this is a corporate environment you may want to look into a site
licence for IIS, internet security scanner, http://www.iss.net

> Are there any other scanners or whatever that I can get
> and run, either from within the server, or from
> outside (I have a FreeBSD 3.2, Linux and Windows 95
> machine on the Ethernet)

If you are looking for portscanners, you may want to look at nmap,
http://www.insecure.org/nmap

--
--------------------------------------------------------------------------
Dave McKay
dave@sneakerz.org
MSN Hotmail http://www.hotmail.com
--------------------------------------------------------------------------