Re: What's vulnerable?

From: Ashley Penney (ashp@unloved.org)
Date: 03/16/01


Date: Fri, 16 Mar 2001 12:11:58 +0100
From: Ashley Penney <ashp@unloved.org>
To: freebsd-security@freebsd.org

On Fri, Mar 16, 2001 at 09:25:13AM +0000, Peter McGarvey said:
> I've just inherited several FreeBSD boxes. The versions range from
> 3.2_RELEASE to 4.1_RELEASE.
>
> On the BSD boxes I already maintain I cvsup and make world on a monthly
> basis - or as soon as I see a CERT advisory that I know relates to
> something that can bite. But the inherited boxes need a lot of work,
> and I cannot guarantee to "The Powers That Be" that a make world won't
> break the box.
>
> What I really need to know is what vulnerabilities exist on each box -
> so that I can present the boss with a risk assessment, and make him
> decide if the box stays as is, or gets a make world.
>
> So any advice anyone can give me, on how to find out what's vulnerable
> with any particular FreeBSD version, would be greatly appreciated.
 
One suggestion I would have is to pop to www.nessus.org, and use the
scanner they provide. It can output reports in HTML and so forth, with
pretty graphics for PHBs. However, it can sometimes trigger false
alarms, so I'd run it against the boxes and check the results by hand.

[I've found this very useful when I suddenly get thrown into 500 boxes,
all running different versions of OSes.]

-- 
"I think our users are a lazy bunch of elitist snobs when it comes to
advocacy."  -- Poul-Henning Kemp on the FreeBSD community.