Re: suid bit files + securing FreeBSD (new program: LockDown)
From: Socketd (db_at_traceroute.dk)
Date: Sun, 27 Jul 2003 18:55:32 +0200 To: email@example.com, firstname.lastname@example.org
On Sun, 27 Jul 2003 10:29:23 -0500
D J Hawkey Jr <email@example.com> wrote:
> > LockDown could search for ALL suid and gid files and set the
> > permissions accordingly to the conf file, the files not listed there
> > would be disabled (or set to a user specified default)...
> Now you're thinking along the lines I'm thinking. Something of a
> system hyper- or super-visor.
Well I don't know if we are thinking along the same lines. LockDown is
not meant to be an IDS or system monitor program, just a quick secure
> I do like the idea of checking /etc... maybe... using cksum(1), or
> something like that. I currently use local periodic(8) scripts,
> similar to /etc/periodic/daily/2*, that backs up /etc, /etc/mail, and
By /etc support I meant options like rc_conf, login_class and openssh
for "all" files in /etc
> NOTE: I'm not a committer! I only mention the possibility; I can't
> make it so.
Hehe, I know :-)
> I've gotten pretty fluent with sh(1), awk(1), and sed(1). I could
> pro'lly write what you envision in a shell script. I wouldn't want to
> re-write a C++ program though; I'm not well versed in C++'s "nuances".
The program is really easy to write since it only change file
permissions and add text to some files in /etc (and other easy to write
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"