From owner-freebsd-security Mon Mar 27 11:31:27 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA00867 for security-outgoing; Mon, 27 Mar 1995 11:31:27 -0800 Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA00855 for ; Mon, 27 Mar 1995 11:31:22 -0800 Received: by gvr.win.tue.nl (8.6.10/1.53) id TAA04589; Mon, 27 Mar 1995 19:26:57 +0200 From: guido@gvr.win.tue.nl (Guido van Rooij) Message-Id: <199503271726.TAA04589@gvr.win.tue.nl> Subject: Re: your mail To: jkh@violet.berkeley.edu (Jordan K. Hubbard) Date: Mon, 27 Mar 1995 19:26:57 +0200 (MET DST) Cc: security@FreeBSD.org, csteiner@vaultbbs.com In-Reply-To: <199503270551.VAA06922@violet.berkeley.edu> from "Jordan K. Hubbard" at Mar 26, 95 09:51:52 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 1410 Sender: security-owner@FreeBSD.org Precedence: bulk Jordan K. Hubbard wrote: > > I assume I am not the only one who has heard about a program called "Satan" > which is going to be released in early April. Apparently it's a program to > help system administrators find holes in their system security--the only > catch being that anyone in the world will be able to run it against any system Wietse Venema, codevelopper of Satan hapesn to be my neighbour. Of course, Satan has been well tested on FreeBSd systems (like all his tools). > on the net. So obviously it'll be a great tool for hackers... > > Does anyone know how FreeBSD 2.0 will stack up against this program? Are we > going to have a bunch of holes discovered by teenagers just looking to make > life difficult for us? > > Also, in Linux and System-V systems there are files called hosts.deny and > hosts.allow that allow you to allow/deny access to specific hosts on the net > to particular services (or all services). Are there any equivalents in BSD? > I've read over the TCP/IP Admin. manual as well as scanned the man pages and I > can't find anything. I have a number of sites that I'd like to block access > from before the Satan program is released. This has *nothing* to do with Linux or SysV. This is a feature introduced by the tcpwrapper (also written by Wietse). Just install it, it has a makefile for freebsd as well (or fetch it from the packages tree). -Guido