From owner-freebsd-security Mon Feb 12 22:28:44 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA14012 for security-outgoing; Mon, 12 Feb 1996 22:28:44 -0800 (PST)
Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id WAA13979 for ; Mon, 12 Feb 1996 22:28:33 -0800 (PST)
Received: from localhost (mark@localhost [127.0.0.1]) by grumble.grondar.za (8.7.3/8.7.3) with SMTP id IAA03049; Tue, 13 Feb 1996 08:27:55 +0200 (SAT)
Message-Id: <199602130627.IAA03049@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host mark@localhost [127.0.0.1] didn't use HELO protocol
To: Jim Dennis
cc: freebsd-security@FreeBSD.ORG
Subject: Re: tripwire, xinetd (or tcp wrappers)
Date: Tue, 13 Feb 1996 08:27:55 +0200
From: Mark Murray
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

Jim Dennis wrote:
>
> Where can I find tripwire? How about xinetd?

Neither have been ported to FreeBSD. Tripwire is available from CERT
(ftp.cert.org) and xinetd is a bunch of sharfiles + later patches available
from ftp.uu.net and mirrors in (something like)
usenet/comp.sources.unix/volume??/xinetd/part* and
usenet/comp.sources.unix/volume??/xinetd/patch*

I seem to remember that there are a couple of patches in different volumes
spread over a bit of time.

> First item is I'd like to install tripwire, build its
> initial database, and refine its reporting/alerts before
> I connect the machine to the 'net. Where can I find a copy
> of the FreeBSD port of this? If I grab a copy from usc.edu
> (or wherever) is there anything special I'll have to do to
> compile it under FreeBSD?

Naah. It works just fine. Small bit of twiddling.

> So: Does anyone have any compelling preferences for tcpd or
> xinetd? Are there any "gotch'yas" to compiling xinetd
> for FreeBSD (I noticed tcpd in the ports list on the 2.1.0 CD,
> but couldn't find tripwire or xinetd).

Tcp wrappers (tcpd) is/are pretty ubiquitous, but they only handle tcp -
you are on your own with udp, so if you have plans to use FSP, you'll be
SOL monitoring that.

> Is xinetd faster (suffering from less process start latency)
> than tcpd?

Fractionally. Probably not even so you'd notice.

> I'm also interested in other monitoring and security suggestions.
> This particular machine (actually pair of machines) will be used
> for distributing files via ftp and http.

You may want to have a look at COPS, also from CERT. FreeBSD already does
a lot of what COPS does (scan for SUID file changes etc), but it will give
you some ideas.

> I might also configure it for fsp (if I can find a suitable
> daemon *and* a suitable DOS|Windows|OS/2|NT|Win '95 client that
> can be freely distributed). Is there such a beast (free
> multiplatform client)? Are there any known security problems
> with fsp? Is there an fspd with features similar to the wu-ftpd
> (remote limits, group access controls, etc)?

Sorry! I am clueless here!

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grondar.za for PGP key