Date: Wed, 30 Jul 1997 15:00:01 -0400 (EDT) From: Adam Shostack <adam@homeport.org> To: shashi@shift-f1.com (Shashi Joshi) Cc: molter@logic.it, vince@mail.MCESTATE.COM, security@FreeBSD.ORG, mario1@PrimeNet.Com Subject: Re: So, lets have a checklist compiled (was Re: Security hole) Message-ID: <199707301900.PAA21876@homeport.org> In-Reply-To: <199707301450.JAA25877@shift-f1.com> from Shashi Joshi at "Jul 30, 97 09:50:56 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Guy Helmer is working on a paper on exactly this topic. Perhaps he could post a pointer to his current draft? Adam | Exactly my thoughts. So, do we get a checklist or reference list from the | gurus? | | I am also a bit new to the sys admin duties. I have | taken the time to read the FreeBSD book that came with the CD (which | doesn't help much in the security area), read a UNIX sysadmin book (Nemeth, | Snyder etc the Red Book) but it too has its limitations. | | We don't have external user logins, so the risks are much less, but I would | always like to learn because soon we will be "out there". | | Another netter mentioned about FreeBSD should ship with some documentation, | scripts that tell us (about the system files and directories) what are the | files associated with "feature" A or "service" B (e.g. uucp), which files | need to be setuid for what functionality. | | Here is an example. (I know you gurus will laugh, but it was my 3rd day only). | | Realizing that sbin dirs are for sysadmin related files, I made the */sbin | as -r-xr-x--- and group being wheel or bin as appropriate. | Now, after a few weeks!! I realised that I am not able to send out any | mail. I had been receiving mail like anything, my elm session also didn't | complain when I sent out email. Finally I checked the logs and found | nothing, not a trace of a mail sent out. So I checked to see `which | sendmail` and it was /usr/sbin/sendmail | So I had to give r-x permissions to it to the world. | | Now why would sendmail be in sbin when it is not purely a sysadmin tool | only? | | My point? Having a document or a checklist would be real helpful to newbies | and can serve as a quick reference for the gurus. | | regards, | | -- | Shashi Joshi | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707301900.PAA21876>