Date: Wed, 11 Aug 2004 21:57:01 -0700 (PDT) From: Doug Barton <DougB@FreeBSD.org> To: Xin LI <delphij@frontfree.net> Cc: Thomas Quinot <thomas@FreeBSD.ORG> Subject: Re: [PATCH] Tighten /etc/crontab permissions Message-ID: <20040811215606.H817@ync.qbhto.arg> In-Reply-To: <20040812040556.GC305@frontfree.net> References: <20040810161305.GA161@frontfree.net> <20040810095953.H1984@qbhto.arg><20040812040556.GC305@frontfree.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Aug 2004, Xin LI wrote:
> I think I would want to compromise at this point ;) In addition of this,
> personally I suggest the following changes to be made:
>
> - Provide an option in sysinstall so users will be instructed
> to choose whether to ``lockdown'' their systems as soon as
> the configuration is completed. Also, include this utility
> in the installation disc.
> - Add a new security audit script which will tell admins that
> the permission of "watched" configurations was altered.
> This might be turned off by default, or even a depency port
> of lockdown, to provide a mechanism to detect potential
> break-ins earlier, and to notice users when something like
> mergemaster or manual etc/ upgrades has reverted the
> permissions.
>
> What do you think about this? Actually the FreeBSD Simplified Chinese
> project is recently coordinating an effort of making an Internationalized
> FreeBSD Installer, I think we will try to implement these
> things if they looks better.
Those sound like good goals, I wish you great luck with them. :)
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040811215606.H817>