Date: Mon, 25 Nov 1996 17:38:10 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Warner Losh <imp@village.org> Cc: current@FreeBSD.org Subject: Re: find and xargs in /etc/security Message-ID: <Pine.BSF.3.95.961125172708.21281B-100000@alive.ampr.ab.ca> In-Reply-To: <E0vS4iR-0006oP-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 25 Nov 1996, Warner Losh wrote: > In message <Pine.BSF.3.95.961124230736.12070O-100000@alive.ampr.ab.ca> Marc Slemko writes: > > : There is more wrong with /etc/security than that, so perhaps it is worth > : looking at it a bit more deeply. OpenBSD and NetBSD have a far more > : comprehensive /etc/security. > > Can you elaberate as to what makes them better? I didn't necessarily say better, just more comprehensive. <g> 579 2644 14887 OpenBSD/src/etc/security 87 318 2104 FreeBSD/src/etc/security Things like master.passwd file syntax and oddities, group file syntax and oddities, stuff in root shell startup files (eg. .cshrc), "+" in various files like hosts.equiv, special users with .rhosts files, home directory permissions, mailbox permissions, /etc/exports, changes in setuid/setgid files, permissions on block and character disk devices, special files and binaries checksum. Some of the stuff is a bit questionable, and in general the less output the better when security monitoring is involved, but some is quite useful. An option to easily add a tripwire scan wouldn't hurt, although perhaps a security.local and a port with a good config file (ie. setup to watch important things and ignore unimportant changes) would be better.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961125172708.21281B-100000>