Date: Sat, 9 May 1998 00:39:09 +0000 (GMT) From: Alfred Perlstein <perlsta@fang.cs.sunyit.edu> To: Nicholas Charles Brawn <ncb05@uow.edu.au> Cc: Sanjit Roy <fiber@phy.iitkgp.ernet.in>, freebsd-security@FreeBSD.ORG Subject: Re: how safe is FreeBSD 2.2.5 Message-ID: <Pine.BSF.3.95.980509003625.26253A-100000@fang.cs.sunyit.edu> In-Reply-To: <Pine.SOL.3.96.980509111221.8493A-100000@banshee.cs.uow.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
there were a few problems with the "stock" 2.2.5 release in terms of security. the 2.2.6 release is much better from what i've heard. you also have the option installing a 2.2.5 machine and cvsuping, or dowloading a "SNAP" release of a lterer dated 2.2.6 release. i think you should look at: (ftp URLS) releng22.freebsd.org (not sure about this one) current.freebsd.org (this one is most likely around) and of course: ftp.freebsd.org you can get SNAP relases from those sites. -Alfred On Sat, 9 May 1998, Nicholas Charles Brawn wrote: > > [moving this to freebsd-security] > > On Sat, 9 May 1998, Sanjit Roy wrote: > > > I need some advise regarding the security level in FreeBSD. Lately, a > > lot of students in my university campus have been into hacking activity. > > I have a Linux (kernel 1.2.8) system on one of my mail gateways and it's > > a piece of cake becoming 'root' on that machine. I immediately need to > > upgrade that to either REDHAT Linux 5.0 or FreeBSD 2.2.5. I have both > > the flavours of unix available with me. > > > > What I want to know is : > > > > 1. which of the two is more secure? > > As always this is a debatable topic. What it comes down to is the security > features incorporated and/or available with the OS, the attitude of the > developers to fixing bug and or security problems, and above all, the > skill of the person administrating the machine (in securing it). > > I think you should go with FreeBSD. :) > > > 2. Is shadow util really effective in Linux. Don't know if there's one > > in FreeBSD? > > Haven't used linux in a while so I couldn't help you there. But FreeBSD > has shadowing incorporated from the get-go. The two files, or rather > four(?) you have in FreeBSD are: > > /etc/passwd (shadowed). > /etc/master.passwd (root-only readable file with the password's md5'd). > /etc/pwd.db (something I haven't really looked into, but it contains > gecos-related information). > /etc/spwd.db (root-only readable file containing information similar to > above but also password strings). > > > 3. what do i have to do/install to make my system secure i.e, what are > > the available patches and where do i get them? > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT. > > > > > Hoping to hear from you soon. > > Sanjit. > > fiber@phy.iitkgp.ernet.in > > > > regards, > > Nicholas Brawn > > -- > Email: ncb05@uow.edu.au - DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A > http://rabble.uow.edu.au/~nick - public key available on request. > Nicholas Brawn - Computer Science Undergraduate, University of Wollongong. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.980509003625.26253A-100000>