Re: suid bit files + securing FreeBSD (new program: LockDown)

From: Socketd (db_at_traceroute.dk)
Date: 07/30/03

  • Next message: Mike Hoskins: "Re: suid bit files + securing FreeBSD (new program: LockDown)" 
    Date: Wed, 30 Jul 2003 20:14:00 +0200
To: twig les <twigles@yahoo.com>, security@freebsd.org

    On Wed, 30 Jul 2003 10:16:58 -0700 (PDT)
    twig les <twigles@yahoo.com> wrote:

    > I really like the sound of having a shell script to run and lock
    > down systems right after install (or makeworld upgrade); I was
    > considering hacking something together myself with my altogether
    > mediocre scripting skills. Might I suggest that it have a conf
    > file that sets up a script that we can simply scp to another box
    > and run without having to have a conf file on that box? Also
    > can we email you privately with "feature requests" like setting
    > umask, etc.?

    Well, LockDown only has two files (the executable and the conf file) and
    I'm gonna write it in C++, so making the C++ write a second program in a
    different language (which I don't master) is maybe a little overkill ;-)

    But feel free to write me. I will start working on LockDown in about 2-3
    weeks (I think) and I'll post a notice here when I am "done".
     
    > If you run with this I hope you'll post the script somewhere and
    > tell us so we can tinker with it until it makes it to the ports
    > or whatever. It makes more sense than me just making a
    > checklist and following it every time.

    LockDown is just an automatic security checklist ;-)

    br
    socketd
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Mike Hoskins: "Re: suid bit files + securing FreeBSD (new program: LockDown)"

    Relevant Pages

    • Re: suid bit files + securing FreeBSD (new program: LockDown)
      ... I really like the sound of having a shell script to run and lock ... down systems right after install; ... >> to root with a list of the files it found which had improper ... >> daemon which checks the conf file and program periodically, ...
      (FreeBSD-Security)
    • Shell scripting question
      ... I'm thinking about writing an rc.subr script that sucks in variables from a conf file. ... Neither rc.conf nor source_rc_confs appears anywhere else in the script, so how does this suck in the variables? ...
      (freebsd-questions)
    • Re: how do I feed a script conf file variables on the command line ?
      ... > but variable declarations like: ... what if I want to feed the script a setting on ... > I just want to be able to quickly bypass the conf file, ... > single command line. ...
      (freebsd-questions)
    • Re: suid bit files + securing FreeBSD (new program: LockDown)
      ... if an attacker got root and installed a rootkit LockDown would be ... the LockDown conf file, they would be disabled the next time LockDown is ... More kernel help, so you quickly can setup a kernel: ... Well, it could be written as a shell script, but I only know C++. ...
      (FreeBSD-Security)
    • Re: suid bit files + securing FreeBSD (new program: LockDown)
      ... On Wed, 30 Jul 2003, Socketd wrote: ... LockDown only has two files (the executable and the conf file) and ... be very similar to Bastille already. ...
      (FreeBSD-Security)
    • Quantcast