From owner-freebsd-security Tue Jun 1 10:47:17 1999
Date: Tue, 1 Jun 1999 13:42:21 -0400 (EDT)
From: Cain
To: freebsd-security@freebsd.org
Subject: Re: Shell Account system

In addition to tripwire, monitor the existence of all SUID programs, when
new ones appear make sure you know about it. BTW, ircd is usually SUID, so
if a user of yours sets that up it's normal. But then how do you know a
hacker just hasn't named his root shell ircd... so monitor the sizes of new
SUID programs, oh yes, do not allow modules. Have everything compiled into
the kernel that you need.

On Mon, 31 May 1999, Timothy R. Platt wrote:

> Install tripwire, it's in the ports.
>
> Better install a traffic logger, or better yet ipfw. You'll need them to
> log and report all the smurfs, fraggles, and synks you're going to get.
>
> Tim
>
> >Yeah, thanks, but the system is for anyone able to pay, so, you can say
> >I trust nobody.
> >
> >Kris Kennaway wrote:
> >>
> >> On Mon, 31 May 1999, Joe Gleason wrote:
> >>
> >> [Snip]
> >>
> >> Good advice, but running a shell account for people who you don't really
> >> trust is still not a wise move for the inexperienced, and not something
> >> you can easily document in a webpage. UNIX security is a way of life -
> >> there are any number of things which the unwary can trip over which could
> >> potentially compromise your machine.
> >>
> >> If it's for a small group of users who you trust fairly well, you
> >> probably should be okay, though.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
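
Added example, not part of the original message: one way to do the SUID monitoring described above, as a POSIX sh script that records a baseline of set-uid files with their sizes and reports files that are new, resized or removed. The function names, the script name suidwatch.sh and the report format are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original thread): baseline-and-compare
# monitor for set-uid files. Paths containing tabs or newlines are not
# handled. Files that cksum cannot read are skipped, so run it as root.

# suid_snapshot DIR: print "path<TAB>size" for each set-uid regular file
# under DIR (same filesystem only), sorted by path.
suid_snapshot() {
    find "$1" -xdev -type f -perm -4000 -exec cksum {} + 2>/dev/null |
        awk '{ size = $2; sub(/^[0-9]+ [0-9]+ /, ""); print $0 "\t" size }' |
        LC_ALL=C sort
}

# suid_compare BASELINE CURRENT: report files that are new, whose size
# changed, or that disappeared since the baseline snapshot.
suid_compare() {
    awk -F '\t' '
        FILENAME == ARGV[1] { base[$1] = $2; next }
        { seen[$1] = 1 }
        !($1 in base)  { print "NEW\t" $1 "\t" $2; next }
        base[$1] != $2 { print "RESIZED\t" $1 "\t" base[$1] " -> " $2 }
        END { for (p in base) if (!(p in seen)) print "REMOVED\t" p "\t" base[p] }
    ' "$1" "$2" | LC_ALL=C sort
}

# Usage (hypothetical script name): suidwatch.sh ROOT BASELINE_FILE
# The first run records the baseline. Later runs print any differences
# and exit 1 when there are some.
if [ "$#" -eq 2 ]; then
    if [ ! -f "$2" ]; then
        suid_snapshot "$1" > "$2"
        echo "baseline written to $2"
    else
        cur=$(mktemp) || exit 2
        suid_snapshot "$1" > "$cur"
        report=$(suid_compare "$2" "$cur")
        rm -f "$cur"
        [ -z "$report" ] && exit 0
        printf '%s\n' "$report"
        exit 1
    fi
fi
```

A size comparison does not catch a replacement binary of identical size, which is why this sits alongside tripwire rather than replacing it. Keep the baseline file somewhere the shell users cannot write.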