Date: Mon, 25 Nov 1996 17:38:10 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Warner Losh <imp@village.org> Cc: current@FreeBSD.org Subject: Re: find and xargs in /etc/security Message-ID: <Pine.BSF.3.95.961125172708.21281B-100000@alive.ampr.ab.ca> In-Reply-To: <E0vS4iR-0006oP-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 25 Nov 1996, Warner Losh wrote:
> In message <Pine.BSF.3.95.961124230736.12070O-100000@alive.ampr.ab.ca> Marc Slemko writes:
>
> : There is more wrong with /etc/security than that, so perhaps it is worth
> : looking at it a bit more deeply. OpenBSD and NetBSD have a far more
> : comprehensive /etc/security.
>
> Can you elaberate as to what makes them better?
I didn't necessarily say better, just more comprehensive. <g>
579 2644 14887 OpenBSD/src/etc/security
87 318 2104 FreeBSD/src/etc/security
Things like master.passwd file syntax and oddities, group file syntax and
oddities, stuff in root shell startup files (eg. .cshrc), "+" in various
files like hosts.equiv, special users with .rhosts files, home directory
permissions, mailbox permissions, /etc/exports, changes in setuid/setgid
files, permissions on block and character disk devices, special files and
binaries checksum.
Some of the stuff is a bit questionable, and in general the less output
the better when security monitoring is involved, but some is quite useful.
An option to easily add a tripwire scan wouldn't hurt, although perhaps a
security.local and a port with a good config file (ie. setup to watch
important things and ignore unimportant changes) would be better.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961125172708.21281B-100000>