Date: Tue, 26 Oct 1999 16:36:35 +0200 (CEST) From: "=?iso-8859-1?q?Jean-Pierre=20H.=20Dumas?=" <jphdumas@yahoo.fr> To: FreeBSD-Security@freebsd.org Subject: Security tests Message-ID: <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
This is to verify the security of a FreeBSD 3.2 server I am installing. To be used as a POP3 toaster, with qmail and vmailmgr. I installed and ran COPS (a really old one). It screamed at me about the /var/spool/uucppublic directory as beeing *world* writable. It barfed on the passwd and group having the wrong number of fields (I assume this is because of the use of perl 5 vs perl 3 at the time of creation of COPS, something like @_ changed meaning ?) Question: is the permission of /var/spool/uucppublic correct once in drwxrwxr-x ? (I do not use uucp, but...) Then I installed Nessus 0.98.3 on a SuSE Linux 6.2 (I could not build it, or run it on FreeBSD, I tried to use the port and it failed in a way I don't understand) and I did the scan of the server. No big deal, the biggest problem being that telnet is still the way to connect from a Windows client. Sniffers are only a very remote possibility in our context. (I have to check about ssh, but it is not done yet.) Question: What can I do more to have a realistic report about this server's security ? Is there any other scanners or whatever that I can get and run, either from within the server, or from outside (I have a FreeBSD 3.2, Linux and Windows 95 machine on the Ethernet) Regards, Jean-Pierre ___________________________________________________________ Do You Yahoo!? Votre e-mail @yahoo.fr gratuit sur http://courrier.yahoo.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991026143635.25359.rocketmail>