Re: suid bit files + securing FreeBSD (new program: LockDown)

From: Socketd (db_at_traceroute.dk)
Date: 07/30/03

    Date: Wed, 30 Jul 2003 20:14:00 +0200
    To: twig les <twigles@yahoo.com>, security@freebsd.org
    
    

    On Wed, 30 Jul 2003 10:16:58 -0700 (PDT)
    twig les <twigles@yahoo.com> wrote:

    > I really like the sound of having a shell script to run and lock
    > down systems right after install (or makeworld upgrade); I was
    > considering hacking something together myself with my altogether
    > mediocre scripting skills. Might I suggest that it have a conf
    > file that sets up a script that we can simply scp to another box
    > and run without having to have a conf file on that box? Also
    > can we email you privately with "feature requests" like setting
    > umask, etc.?

    Well, LockDown only has two files (the executable and the conf file) and
    I'm gonna write it in C++, so making the C++ write a second program in a
    different language (which I don't master) is maybe a little overkill ;-)

    But feel free to write me. I will start working on LockDown in about 2-3
    weeks (I think) and I'll post a notice here when I am "done".
     
    > If you run with this I hope you'll post the script somewhere and
    > tell us so we can tinker with it until it makes it to the ports
    > or whatever. It makes more sense than me just making a
    > checklist and following it every time.

    LockDown is just an automatic security checklist ;-)

    br
    socketd
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

