From owner-freebsd-security@FreeBSD.ORG Sat Jul 26 21:17:09 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8219237B401 for ; Sat, 26 Jul 2003 21:17:09 -0700 (PDT) Received: from web10104.mail.yahoo.com (web10104.mail.yahoo.com [216.136.130.54]) by mx1.FreeBSD.org (Postfix) with SMTP id 1CC5043F3F for ; Sat, 26 Jul 2003 21:17:09 -0700 (PDT) (envelope-from twigles@yahoo.com) Message-ID: <20030727041708.95094.qmail@web10104.mail.yahoo.com> Received: from [68.5.49.41] by web10104.mail.yahoo.com via HTTP; Sat, 26 Jul 2003 21:17:08 PDT Date: Sat, 26 Jul 2003 21:17:08 -0700 (PDT) From: twig les To: Peter Rosa , FreeBSD Security In-Reply-To: <00d601c3539a$91576a40$3501a8c0@pro.sk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: suid bit files + securing FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jul 2003 04:17:09 -0000 I don't know exactly what you mean by "wizard", maybe a menu-driven gui like Nero or M$ Lookout or something? Anyhoo I really like this checklist here: http://sddi.net/FBSDSecCheckList.html. I guess one could script a lot of this. This page also has a boatload of links at the bottom. As for perfect security I like to run Sendmail and BIND on RedHat myself, unless I can get my hands on an IIS box. woot! Sorry, it's late Saturday, thus I'm feeling mischievous. > > Second question is: Has anybody an exact wizard, how to secure > the FreeBSD machine. Imagine the situation, the only person > who > can do anything on that machine is me, and nobody other. I > have > set very restrictive firewalling, I have removed ALL tty's > except > two local tty's (I need to work on that machine), but there > are > still open port 25 and 53 (must be forever), so someone very > tricky can compromite my machine. > > I'm a little bit paranoic, don't I :-))))))) > > Cheers, > > Peter Rosa > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" ===== ----------------------------------------------------------- Emo is what happens when the glee club goes punk. ----------------------------------------------------------- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com