Date: Tue, 1 Jun 1999 13:42:21 -0400 (EDT) From: Cain <cain@tasam.com> To: freebsd-security@freebsd.org Subject: Re: Shell Account system Message-ID: <Pine.BSF.3.96.990601133911.10829C-100000@cain.tasam.com> In-Reply-To: <v04003a00b379024eb476@[204.141.112.245]>
next in thread | previous in thread | raw e-mail | index | archive | help
In addition to tripwire, monitor the existence of all SUID programs, when new ones appear make sure you know about it. BTW, ircd is usually SUID, so if a user of yours sets that up it's normal. But then how do you know a hacker just hasn't named his root shell ircd... so monitor the sizes of new SUID programs, oh yes, do not allow modules. Have everything compiled into the kernel that you need On Mon, 31 May 1999, Timothy R. Platt wrote: > Install tripwire, it's in the ports. > > Better install a traffic logger, or better yet ipfw. You'll need them to > log and report all the smurfs, fraggles, and synks you're going to get. > > Tim > > > > > >Yeah, thanks, but the system is for anyone able to pay, so, you can say > >i trust nobody. > > > >Kris Kennaway wrote: > >> > >> On Mon, 31 May 1999, Joe Gleason wrote: > >> > >> [Snip] > >> > >> Good advice, but running a shell account for people who you don't really > >>trust > >> is still not a wise move for the inexperienced, and not something you can > >> easily document in a webpage. UNIX security is a way of life - there are any > >> number of things which the unwary can trip over which could potentially > >> compromise your machine. > >> > >> If it's for a small group of users who you trust fairly well, you > >> probably should be okay, though. > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990601133911.10829C-100000>