From owner-freebsd-security  Thu Aug 27 03:00:09 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA17274
          for freebsd-security-outgoing; Thu, 27 Aug 1998 03:00:09 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from beeblebrox.cc.jyu.fi (beeblebrox.cc.jyu.fi [130.234.41.34])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA17208
          for <security@FreeBSD.ORG>; Thu, 27 Aug 1998 03:00:03 -0700 (PDT)
          (envelope-from kallio@beeblebrox.cc.jyu.fi)
Received: (from kallio@localhost)
	by beeblebrox.cc.jyu.fi (8.8.7/8.8.7) id NAA00643;
	Thu, 27 Aug 1998 13:04:01 +0300
Message-ID: <19980827130401.B546@beeblebrox.cc.jyu.fi>
Date: Thu, 27 Aug 1998 13:04:01 +0300
From: Seppo Kallio <kallio@silmu.st.jyu.fi>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>,
        "Craig H. Rowland" <crowland@psionic.com>
Cc: Wilson MacGyver <macgyver@cylatech.com>, security@FreeBSD.ORG
Subject: Re: post breakin log (Saint/Nessus/?)
References: <199808270538.BAA01341@armitage.cylatech.com> <Pine.LNX.3.96.980827010411.2527A-100000@dolemite> <19980827103936.44211@deepo.prosa.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1
In-Reply-To: <19980827103936.44211@deepo.prosa.dk>; from Philippe Regnauld on Thu, Aug 27, 1998 at 10:39:36AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Aug 27, 1998 at 10:39:36AM +0200, Philippe Regnauld wrote:
> Craig H. Rowland writes:
> > 
> > Shameless plug: I wrote a quick page a while back describing some of the
> > more common attacks I've seen against hosts. It may contain some useful
> > information for you:
> > 
> > http://www.psionic.com/papers/attacks.html
> 
> 	One might want to check out the May issue of ;login: which
> 	includes an overview of common network attacks, by Aleph One (Bugtraq
> 	moderator).

Is there good tools to make a check if my (or neighbour's) node has good
security or not? I think in principle that kind of tool is possible, but
it should be updatet daily and easy to use (so that I can run it daily).

We are managing 10-20 Sun/Linux/FreeBSD nodes at cc, 
AND a lot of University staff have Linux/Sun workstations.

Some simple tool to check our nodes and the nodes of the professors could be
very nice! 

I have head about http://www.wwdsi.com/saint/ (Saint) and
http://www.nessus.org/ (Nessus)  how are they? Experiences?

I think the app should have (secure) database somewhere in net to
check the bug free popper version number for example. Or easy automatic
local database update (by 'mirror' or something).

-- 
Seppo Kallio	 kallio@cc.jyu.fi	http://www.jyu.fi/~kallio

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message