From owner-freebsd-security Sun Mar 26 21:52:04 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id VAA04979 for security-outgoing; Sun, 26 Mar 1995 21:52:04 -0800
Received: from violet.berkeley.edu (violet.Berkeley.EDU [128.32.155.22]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA04973 for ; Sun, 26 Mar 1995 21:52:02 -0800
Received: by violet.berkeley.edu (8.6.10/1.33r) id VAA06922; Sun, 26 Mar 1995 21:51:52 -0800
Date: Sun, 26 Mar 1995 21:51:52 -0800
From: jkh@violet.berkeley.edu (Jordan K. Hubbard)
Message-Id: <199503270551.VAA06922@violet.berkeley.edu>
To: security@FreeBSD.org
Sender: security-owner@FreeBSD.org
Precedence: bulk

Path: agate!spool.mu.edu!uwm.edu!news.alpha.net!solaris.cc.vt.edu!swiss.ans.net!potogold.rmii.com!craig.vaultbbs.com!csteiner
From: csteiner@vaultbbs.com (Craig Steiner)
Newsgroups: comp.os.386bsd.questions
Subject: FreeBSD vs. Satan & Security
Date: Sun, 26 Mar 1995 23:38:03
Organization: Vault Information Services
Lines: 26
Distribution: world
Message-ID:
NNTP-Posting-Host: craig.vaultbbs.com
X-Newsreader: Trumpet for Windows [Version 1.0 Rev A]

I assume I am not the only one who has heard about a program called "Satan"
which is going to be released in early April. Apparently it's a program to
help system administrators find holes in their system security--the only
catch being that anyone in the world will be able to run it against any system
on the net. So obviously it'll be a great tool for hackers...

Does anyone know how FreeBSD 2.0 will stack up against this program? Are we
going to have a bunch of holes discovered by teenagers just looking to make
life difficult for us?

Also, in Linux and System-V systems there are files called hosts.deny and
hosts.allow that allow you to allow/deny access to specific hosts on the net
to particular services (or all services). Are there any equivalents in BSD?
I've read over the TCP/IP Admin. manual as well as scanned the man pages and I
can't find anything. I have a number of sites that I'd like to block access
from before the Satan program is released.

Thanks,
Craig Steiner

+=========================================================================+
| Craig Steiner                     csteiner@vaultbbs.com                 |
| Vault Information Services        Compuserve: 74063,3545                |
| 3827 E. Easter Drive              Fidonet: Craig Steiner@1:104/332      |
| Littleton, CO 80122 U.S.A.        Voice Phone: +303-779-5309            |
+================[ I would be happier in Cali, Colombia ]=================+

From owner-freebsd-security Sun Mar 26 22:40:34 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA05745 for security-outgoing; Sun, 26 Mar 1995 22:40:34 -0800
Received: from arthur.cs.purdue.edu (root@arthur.cs.purdue.edu [128.10.2.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id WAA05739 for ; Sun, 26 Mar 1995 22:40:33 -0800
Received: from labgrader.cs.purdue.edu (root@labgrader.cs.purdue.edu [128.10.11.100]) by arthur.cs.purdue.edu (8.6.10/PURDUE_CS-1.3) with ESMTP id ; Mon, 27 Mar 1995 01:40:21 -0500
Received: from localhost (jha@localhost [127.0.0.1]) by labgrader.cs.purdue.edu (8.6.10/PURDUE_CS-1.3) with SMTP id ; Mon, 27 Mar 1995 01:40:18 -0500
Message-Id: <199503270640.BAA20913@labgrader.cs.purdue.edu>
To: jkh@violet.berkeley.edu (Jordan K. Hubbard)
Cc: security@FreeBSD.org
Subject: Re: your mail
In-reply-to: Your message of "Sun, 26 Mar 1995 21:51:52 PST." <199503270551.VAA06922@violet.berkeley.edu>
Date: Mon, 27 Mar 1995 01:40:17 -0500
From: jha@cs.purdue.edu ("John H. Aughey")
Sender: security-owner@FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:
> Does anyone know how FreeBSD 2.0 will stack up against this program? Are we
> going to have a bunch of holes discovered by teenagers just looking to make
> life difficult for us?

We upgraded one of our machines here from 1.1.5.1 to 2.0 last week.
Before changing anything, we ran a pre-release of Satan on this machine
and other than an old version of sendmail, the machine came up clean.

---
John Aughey
jha@cs.purdue.edu

From owner-freebsd-security Sun Mar 26 22:53:44 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA06029 for security-outgoing; Sun, 26 Mar 1995 22:53:44 -0800
Received: from localhost (localhost [127.0.0.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id WAA06022; Sun, 26 Mar 1995 22:53:43 -0800
X-Authentication-Warning: freefall.cdrom.com: Host localhost didn't use HELO protocol
To: jha@cs.purdue.edu ("John H. Aughey")
cc: jkh@violet.berkeley.edu (Jordan K. Hubbard), security@FreeBSD.org
Subject: Re: your mail
In-reply-to: Your message of "Mon, 27 Mar 95 01:40:17 EST." <199503270640.BAA20913@labgrader.cs.purdue.edu>
Date: Sun, 26 Mar 1995 22:53:43 -0800
Message-ID: <6021.796287223@freefall.cdrom.com>
From: "Jordan K. Hubbard"
Sender: security-owner@FreeBSD.org
Precedence: bulk

Foo. Now who was the original querent? I just *forwarded* this mail! ;-(

Jordan

> Jordan K. Hubbard wrote:
> > Does anyone know how FreeBSD 2.0 will stack up against this program? Are we
> > going to have a bunch of holes discovered by teenagers just looking to make
> > life difficult for us?
>
> We upgraded one of our machines here from 1.1.5.1 to 2.0 last week.
> Before changing anything, we ran a pre-release of Satan on this machine
> and other than an old version of sendmail, the machine came up clean.
>
> ---
> John Aughey
> jha@cs.purdue.edu

From owner-freebsd-security Sun Mar 26 23:33:25 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id XAA10521 for security-outgoing; Sun, 26 Mar 1995 23:33:25 -0800
Received: from pluto.ops.NeoSoft.com (root@pluto.ops.NeoSoft.COM [198.64.212.23]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA10511 for ; Sun, 26 Mar 1995 23:33:23 -0800
Received: from metal.ops.neosoft.com (root@glenn-slip45.nmt.edu [129.138.5.145]) by pluto.ops.NeoSoft.com (8.6.10/8.6.10) with ESMTP id BAA24902; Mon, 27 Mar 1995 01:33:09 -0600
Received: (from smace@localhost) by metal.ops.neosoft.com (8.6.11/8.6.10) id AAA00466; Mon, 27 Mar 1995 00:10:47 -0700
From: Scott Mace
Message-Id: <199503270710.AAA00466@metal.ops.neosoft.com>
Subject: Re: your mail
To: jkh@violet.berkeley.edu (Jordan K. Hubbard)
Date: Mon, 27 Mar 1995 00:10:46 -0700 (MST)
Cc: security@FreeBSD.org
In-Reply-To: <199503270551.VAA06922@violet.berkeley.edu> from "Jordan K. Hubbard" at Mar 26, 95 09:51:52 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 2588
Sender: security-owner@FreeBSD.org
Precedence: bulk

>
> Path: agate!spool.mu.edu!uwm.edu!news.alpha.net!solaris.cc.vt.edu!swiss.ans.net!potogold.rmii.com!craig.vaultbbs.com!csteiner
> From: csteiner@vaultbbs.com (Craig Steiner)
> Newsgroups: comp.os.386bsd.questions
> Subject: FreeBSD vs. Satan & Security
> Date: Sun, 26 Mar 1995 23:38:03
> Organization: Vault Information Services
> Lines: 26
> Distribution: world
> Message-ID:
> NNTP-Posting-Host: craig.vaultbbs.com
> X-Newsreader: Trumpet for Windows [Version 1.0 Rev A]
>
> I assume I am not the only one who has heard about a program called "Satan"
> which is going to be released in early April. Apparently it's a program to
> help system administrators find holes in their system security--the only
> catch being that anyone in the world will be able to run it against any system
> on the net. So obviously it'll be a great tool for hackers...
>
> Does anyone know how FreeBSD 2.0 will stack up against this program? Are we
> going to have a bunch of holes discovered by teenagers just looking to make
> life difficult for us?
>
> Also, in Linux and System-V systems there are files called hosts.deny and
> hosts.allow that allow you to allow/deny access to specific hosts on the net
> to particular services (or all services). Are there any equivalents in BSD?
> I've read over the TCP/IP Admin. manual as well as scanned the man pages and I

hosts.allow and deny are simply from the cert tcp wrappers... I KNOW that's
all the Linux ones are....

> can't find anything. I have a number of sites that I'd like to block access
> from before the Satan program is released.

As far as I'm concerned if your system is on the net and not firewalled you
are asking for it. My system for example allows everything out, but only
allows smtp, ftp and telnet (the latter two from only one secure site).
A couple of other harmless things are opened up for me also...

I don't use the firewall built into freebsd. I use a firewall developed at
NeoSoft Inc. It works on any bsd derived system.
There is one reason that I don't use the one built into freebsd because it can
be modified when the system is up. The NeoSoft firewall is compiled into the
kernel, (which in turn can be set schg) so it becomes very hard for someone to
modify your firewall should they somehow get in... I think this is a crucial
point if your machine is protecting other machines....

SATAN is going to hurt others a lot more than it will ever hurt FreeBSD. Simply
due to the fact that compared to other OS's on the net, FreeBSD is a
minority...

Scott

From owner-freebsd-security Mon Mar 27 11:31:27 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA00867 for security-outgoing; Mon, 27 Mar 1995 11:31:27 -0800
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA00855 for ; Mon, 27 Mar 1995 11:31:22 -0800
Received: by gvr.win.tue.nl (8.6.10/1.53) id TAA04589; Mon, 27 Mar 1995 19:26:57 +0200
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199503271726.TAA04589@gvr.win.tue.nl>
Subject: Re: your mail
To: jkh@violet.berkeley.edu (Jordan K. Hubbard)
Date: Mon, 27 Mar 1995 19:26:57 +0200 (MET DST)
Cc: security@FreeBSD.org, csteiner@vaultbbs.com
In-Reply-To: <199503270551.VAA06922@violet.berkeley.edu> from "Jordan K. Hubbard" at Mar 26, 95 09:51:52 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 1410
Sender: security-owner@FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:
>
> I assume I am not the only one who has heard about a program called "Satan"
> which is going to be released in early April. Apparently it's a program to
> help system administrators find holes in their system security--the only
> catch being that anyone in the world will be able to run it against any system

Wietse Venema, codeveloper of Satan happens to be my neighbour.
Of course, Satan has been well tested on FreeBSD systems (like
all his tools).

> on the net. So obviously it'll be a great tool for hackers...
>
> Does anyone know how FreeBSD 2.0 will stack up against this program? Are we
> going to have a bunch of holes discovered by teenagers just looking to make
> life difficult for us?
>
> Also, in Linux and System-V systems there are files called hosts.deny and
> hosts.allow that allow you to allow/deny access to specific hosts on the net
> to particular services (or all services). Are there any equivalents in BSD?
> I've read over the TCP/IP Admin. manual as well as scanned the man pages and I
> can't find anything. I have a number of sites that I'd like to block access
> from before the Satan program is released.

This has *nothing* to do with Linux or SysV. This is a feature introduced
by the tcpwrapper (also written by Wietse). Just install it, it has
a makefile for freebsd as well (or fetch it from the packages tree).

-Guido

From owner-freebsd-security Mon Mar 27 11:55:13 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA02780 for security-outgoing; Mon, 27 Mar 1995 11:55:13 -0800
Received: from ref.tfs.com (ref.tfs.com [140.145.254.251]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA02774 for ; Mon, 27 Mar 1995 11:55:12 -0800
Received: (from phk@localhost) by ref.tfs.com (8.6.8/8.6.6) id LAA29392; Mon, 27 Mar 1995 11:54:17 -0800
From: Poul-Henning Kamp
Message-Id: <199503271954.LAA29392@ref.tfs.com>
Subject: Re: your mail
To: guido@gvr.win.tue.nl (Guido van Rooij)
Date: Mon, 27 Mar 1995 11:54:17 -0800 (PST)
Cc: jkh@violet.berkeley.edu, security@FreeBSD.org, csteiner@vaultbbs.com
In-Reply-To: <199503271726.TAA04589@gvr.win.tue.nl> from "Guido van Rooij" at Mar 27, 95 07:26:57 pm
Content-Type: text
Content-Length: 463
Sender: security-owner@FreeBSD.org
Precedence: bulk

> Of course, Satan has been well tested on FreeBSD systems (like
> all his tools).
>

We're in for a bumpy ride, We use a daemon as mascot, and now we find out
that Satan has been testing FreeBSD systems.
Take cover, the religious self-righteous will be on us any second now!
:-)

--
Poul-Henning Kamp -- TRW Financial Systems, Inc.
'All relevant people are pertinent' && 'All rude people are impertinent'
=> 'no rude people are relevant'

From owner-freebsd-security Mon Mar 27 12:05:37 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id MAA05054 for security-outgoing; Mon, 27 Mar 1995 12:05:37 -0800
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA05048 for ; Mon, 27 Mar 1995 12:05:33 -0800
Received: by gvr.win.tue.nl (8.6.10/1.53) id WAA05051; Mon, 27 Mar 1995 22:05:10 +0200
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199503272005.WAA05051@gvr.win.tue.nl>
Subject: Re: your mail
To: phk@ref.tfs.com (Poul-Henning Kamp)
Date: Mon, 27 Mar 1995 22:05:09 +0200 (MET DST)
Cc: jkh@violet.berkeley.edu, security@FreeBSD.org, csteiner@vaultbbs.com
In-Reply-To: <199503271954.LAA29392@ref.tfs.com> from "Poul-Henning Kamp" at Mar 27, 95 11:54:17 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 979
Sender: security-owner@FreeBSD.org
Precedence: bulk

Poul-Henning Kamp wrote:
>
> > Of course, Satan has been well tested on FreeBSD systems (like
> > all his tools).
> >
>
> We're in for a bumpy ride, We use a daemon as mascot, and now we find out
> that Satan has been testing FreeBSD systems.
> Take cover, the religious self-righteous will be on us any second now!
> :-)
>

I saw a cartoon about Satan, which was kind of funny considering all the
fuss ppl are making about whether or not it will be a tool for or against
hackers:

A human resource suit working on a desk
Satan waiting in a chair to get interviewed
2 employees peeking through the window of the suit's office asking each other:
he's gonna work *for* us, right?

At least, even before appearance, the tool already has a colourful history.
Ppl speculating about its non-existence because the original release date
(April 1st. Now rescheduled for the 5th). Further, the other developer,
Dan Farmer (former CERT and Sun) got sacked by CGI.....

-Guido

From owner-freebsd-security Tue Mar 28 02:22:01 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id CAA06255 for security-outgoing; Tue, 28 Mar 1995 02:22:01 -0800
Received: from isl.cf.ac.uk (isl-gate.elsy.cf.ac.uk [131.251.22.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id CAA06245 for ; Tue, 28 Mar 1995 02:21:59 -0800
Received: (from paul@localhost) by isl.cf.ac.uk (8.6.9/8.6.9) id LAA17832; Tue, 28 Mar 1995 11:22:26 +0100
From: Paul Richards
Message-Id: <199503281022.LAA17832@isl.cf.ac.uk>
Subject: Re: your mail
To: guido@gvr.win.tue.nl (Guido van Rooij)
Date: Tue, 28 Mar 1995 11:22:26 +0100 (BST)
Cc: jkh@violet.berkeley.edu, security@FreeBSD.org, csteiner@vaultbbs.com
In-Reply-To: <199503271726.TAA04589@gvr.win.tue.nl> from "Guido van Rooij" at Mar 27, 95 07:26:57 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 447
Sender: security-owner@FreeBSD.org
Precedence: bulk

In reply to Guido van Rooij who said
> Wietse Venema, codeveloper of Satan happens to be my neighbour.
> Of course, Satan has been well tested on FreeBSD systems (like
> all his tools).

How does it do?

--
Paul Richards, FreeBSD core team member.
Internet: paul@FreeBSD.org, URL: http://isl.cf.ac.uk/~paul/
Phone: +44 1222 874000 x6646 (work), +44 1222 457651 (home)
Dept. Mechanical Engineering, University of Wales, College Cardiff.

From owner-freebsd-security Tue Mar 28 02:53:22 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id CAA07405 for security-outgoing; Tue, 28 Mar 1995 02:53:22 -0800
Received: from platon.cs.rhbnc.ac.uk (platon.cs.rhbnc.ac.uk [134.219.200.24]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id CAA07390 for ; Tue, 28 Mar 1995 02:53:13 -0800
From: stephen@dcs.rhbnc.ac.uk
Received: from cad2.cs.rhbnc.ac.uk (cad2.cs.rhbnc.ac.uk [134.219.97.112]) by platon.cs.rhbnc.ac.uk (8.6.9/8.6.9) with ESMTP id LAA21339 for ; Tue, 28 Mar 1995 11:52:34 +0100
Received: (stephen@localhost) by cad2.cs.rhbnc.ac.uk (8.6.9/8.6.9) id LAA08262 for security@freebsd.org; Tue, 28 Mar 1995 11:51:43 +0100
Message-Id: <199503281051.LAA08262@cad2.cs.rhbnc.ac.uk>
Subject: Re: Satan
To: security@FreeBSD.org
Date: Tue, 28 Mar 1995 11:51:41 +0100 (BST)
Reply-To: stephen@dcs.rhbnc.ac.uk
In-Reply-To: <199503271726.TAA04589@gvr.win.tue.nl> from "Guido van Rooij" at Mar 27, 95 07:26:57 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 967
Sender: security-owner@FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:
>
> I assume I am not the only one who has heard about a program called "Satan"
> which is going to be released in early April. Apparently it's a program to
> help system administrators find holes in their system security--the only
> catch being that anyone in the world will be able to run it against any
> system

I mentioned this to our system administrators here and they didn't seem to know
anything about this program. Does anybody have some pointers as to where I
might get some information to pass to them?

TIA,
Stephen.

--
------------------------------------------------------------------
|Stephen P. Butler.                     |stephen@dcs.rhbnc.ac.uk.|
|Comp. Sci. Undergraduate.              |ZHAC073@vms.rhbnc.ac.uk |
|                                       |                        |
|Royal Holloway, University of London.  |                        |
------------------------------------------------------------------

From owner-freebsd-security Tue Mar 28 06:21:34 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id GAA12730 for security-outgoing; Tue, 28 Mar 1995 06:21:34 -0800
Received: from ghpc6.ihf.rwth-aachen.de (ghpc6.ihf.RWTH-Aachen.DE [134.130.90.6]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id GAA12706 for ; Tue, 28 Mar 1995 06:20:14 -0800
Received: (from thomas@localhost) by ghpc6.ihf.rwth-aachen.de (8.6.8/8.6.6) id QAA00640; Tue, 28 Mar 1995 16:19:35 +0200
From: Thomas Gellekum
Message-Id: <199503281419.QAA00640@ghpc6.ihf.rwth-aachen.de>
Subject: Re: Satan
To: stephen@dcs.rhbnc.ac.uk
Date: Tue, 28 Mar 1995 16:19:34 +0200 (MET DST)
Cc: security@FreeBSD.org
In-Reply-To: <199503281051.LAA08262@cad2.cs.rhbnc.ac.uk> from "stephen@dcs.rhbnc.ac.uk" at Mar 28, 95 11:51:41 am
Organization: Institut f. Hochfrequenztechnik, RWTH Aachen
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 742
Sender: security-owner@FreeBSD.org
Precedence: bulk

stephen@dcs.rhbnc.ac.uk wrote:
> [SATAN]
> I mentioned this to our system administrators here and they didn't seem to know
> anything about this program. Does anybody have some pointers as to where I
> might get some information to pass to them?

From: TidBITS#268/20-Mar-95 (TidBITS - a newsletter for Mac users)
>
> [...]
>
> Could It Be... SATAN?
> ---------------------
> by Geoff Duncan
>
> [...]
>
> The
> official SATAN release page is a good place to check, as are the
> and newsgroups. SATAN's
> developers can be reached at .
>
> http://fish.com/dan/satan.html

I can mail this excerpt from the TidBITS, if anyone's interested.

tg

From owner-freebsd-security Tue Mar 28 21:20:20 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id VAA21513 for security-outgoing; Tue, 28 Mar 1995 21:20:20 -0800
Received: from fgwmail.fujitsu.co.jp (fgwmail.fujitsu.co.jp [164.71.1.133]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA21494 for ; Tue, 28 Mar 1995 21:20:06 -0800
Received: from fdmmail.fujitsu.co.jp by fgwmail.fujitsu.co.jp (8.6.9+2.4W/3.3W5-MX941209-Fujitsu Mail Gateway) id OAA07150; Wed, 29 Mar 1995 14:19:17 +0900
Received: from fdm.fujitsu.co.jp by fdmmail.fujitsu.co.jp (8.6.9+2.4W/3.3W5-MX950127-Fujitsu Domain Mail Master) id OAA16682; Wed, 29 Mar 1995 14:19:16 +0900
Received: from [133.161.4.160] by fdm.fujitsu.co.jp (5.65/6.4J.6) id AA10631; Wed, 29 Mar 95 14:19:15 +0900
Received: by pluto.mfd.cs.fujitsu.co.jp (4.1/KUCS2.0b) id AA05322; Wed, 29 Mar 95 14:19:15 JST
Message-Id: <9503290519.AA05322@pluto.mfd.cs.fujitsu.co.jp>
To: security@FreeBSD.org
Reply-To: asakai@voyager.mfd.cs.fujitsu.co.jp
From: ASAKAI Hiroshi
Subject: help
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Date: Wed, 29 Mar 1995 14:19:10 +0900
Sender: security-owner@FreeBSD.org
Precedence: bulk

help

From owner-freebsd-security Fri Mar 31 11:44:27 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA01887 for security-outgoing; Fri, 31 Mar 1995 11:44:27 -0800
Received: from aries.ibms.sinica.edu.tw ([140.109.40.248]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA01843 for ; Fri, 31 Mar 1995 11:43:56 -0800
Received: (from taob@localhost) by aries.ibms.sinica.edu.tw (8.6.11/8.6.9) id DAA12102; Sat, 1 Apr 1995 03:44:12 +0800
Date: Sat, 1 Apr 1995 03:44:11 +0800 (CST)
From: Brian Tao
To: FREEBSD-SECURITY-L
Subject: New /etc/security script for FreeBSD
Message-ID:
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-668466482-796679051=:1567"
Sender: security-owner@FreeBSD.org
Precedence: bulk

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

--0-668466482-796679051=:1567
Content-Type: TEXT/PLAIN; charset=US-ASCII

A little while ago, I posted on freebsd-hackers that BSD/OS had a
nice /etc/security script that seems to work well on a standard FreeBSD
system. I've asked BSDI and there isn't a problem redistributing the
file because they don't have a copyright on it. I've attached the
script to this message and seek comments on it.

Two functional changes have been made to the script. The first is
changing line 33 to reflect FreeBSD's 8-char username limit. The
second is the addition of a checksum module starting at line 557. It
uses md5(1) to calculate checksums for all files in a specified set of
directories chosen to contain system binaries. Its purpose is to aid
in the detection of trojan horses.

The standard FreeBSD /etc/security script is rather anemic in
comparison. Could this be included as the standard script in future
FreeBSD distributions? I just looked on a friend's NetBSD 1.0 machine
and this is the file they use.

--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........
play --> taob@io.org

--0-668466482-796679051=:1567
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=security
Content-Transfer-Encoding: BASE64
Content-ID:
Content-Description:
eXBlIGYgLWEgISAtdHlwZSBsIC1hIFwNCiAgICAgICAhIC10eXBlIHMgXCkg fCBcDQpzb3J0IHwgc2VkIC1lICdzL14vbHMgLWxkZ1QgLycgfCBzaCA+ICRM SVNUKSAyPiAkT1VUUFVUDQoNCiMgRGlzcGxheSBhbnkgZXJyb3JzIHRoYXQg b2NjdXJyZWQgZHVyaW5nIHN5c3RlbSBmaWxlIHdhbGsuDQppZiBbIC1zICRP VVRQVVQgXSA7IHRoZW4NCglwcmludGYgIlNldHVpZC9kZXZpY2UgZmluZCBl cnJvcnM6XG4iDQoJY2F0ICRPVVRQVVQNCglwcmludGYgIlxuIg0KZmkNCg0K IyBEaXNwbGF5IGFueSBjaGFuZ2VzIGluIHRoZSBzZXR1aWQgZmlsZSBsaXN0 Lg0KZWdyZXAgLXYgJ15bYmNdJyAkTElTVCA+ICRUTVAxDQppZiBbIC1zICRU TVAxIF0gOyB0aGVuDQoJIyBDaGVjayB0byBtYWtlIHN1cmUgdXVkZWNvZGUg aXNuJ3Qgc2V0dWlkLg0KCWlmIGdyZXAgLXcgdXVkZWNvZGUgJFRNUDEgPiAv ZGV2L251bGwgOyB0aGVuDQoJCXByaW50ZiAiXG5VdWRlY29kZSBpcyBzZXR1 aWQuXG4iDQoJZmkNCg0KCUNVUj0vdmFyL2JhY2t1cHMvc2V0dWlkLmN1cnJl bnQNCglCQUNLPS92YXIvYmFja3Vwcy9zZXR1aWQuYmFja3VwDQoNCglpZiBb IC1zICRDVVIgXSA7IHRoZW4NCgkJaWYgY21wIC1zICRDVVIgJFRNUDEgOyB0 aGVuDQoJCQk6DQoJCWVsc2UNCgkJCT4gJFRNUDINCgkJCWpvaW4gLTExMCAt MjEwIC12MiAkQ1VSICRUTVAxID4gJE9VVFBVVA0KCQkJaWYgWyAtcyAkT1VU UFVUIF0gOyB0aGVuDQoJCQkJcHJpbnRmICJTZXR1aWQgYWRkaXRpb25zOlxu Ig0KCQkJCXRlZSAtYSAkVE1QMiA8ICRPVVRQVVQNCgkJCQlwcmludGYgIlxu Ig0KCQkJZmkNCg0KCQkJam9pbiAtMTEwIC0yMTAgLXYxICRDVVIgJFRNUDEg PiAkT1VUUFVUDQoJCQlpZiBbIC1zICRPVVRQVVQgXSA7IHRoZW4NCgkJCQlw cmludGYgIlNldHVpZCBkZWxldGlvbnM6XG4iDQoJCQkJdGVlIC1hICRUTVAy IDwgJE9VVFBVVA0KCQkJCXByaW50ZiAiXG4iDQoJCQlmaQ0KDQoJCQlzb3J0 ICs5ICRUTVAyICRDVVIgJFRNUDEgfCBcDQoJCQkgICAgc2VkIC1lICdzL1sJ IF1bCSBdKi8gL2cnIHwgdW5pcSAtdSA+ICRPVVRQVVQNCgkJCWlmIFsgLXMg JE9VVFBVVCBdIDsgdGhlbg0KCQkJCXByaW50ZiAiU2V0dWlkIGNoYW5nZXM6 XG4iDQoJCQkJY29sdW1uIC10ICRPVVRQVVQNCgkJCQlwcmludGYgIlxuIg0K CQkJZmkNCg0KCQkJY3AgJENVUiAkQkFDSw0KCQkJY3AgJFRNUDEgJENVUg0K CQlmaQ0KCWVsc2UNCgkJcHJpbnRmICJTZXR1aWQgYWRkaXRpb25zOlxuIg0K CQljb2x1bW4gLXQgJFRNUDENCgkJcHJpbnRmICJcbiINCgkJY3AgJFRNUDEg JENVUg0KCWZpDQpmaQ0KDQoNCiMNCiMgQ2hlY2sgZm9yIGJsb2NrIGFuZCBj aGFyYWN0ZXIgZGlzayBkZXZpY2VzIHRoYXQgYXJlIHJlYWRhYmxlIG9yIHdy aXRlYWJsZQ0KIyBvciBub3Qgb3duZWQgYnkgcm9vdC5vcGVyYXRvci4NCiMN 
Cj4kVE1QMQ0KRElTS0xJU1Q9ImRrIGhkIGhrIGhwIGpiIGtyYSByYSByYiBy ZCBybCByeCByeiBzZCB1cCB3ZCINCmZvciBpIGluICRESVNLTElTVDsgZG8N CgllZ3JlcCAiXmIuKi8ke2l9WzAtOV1bMC05XSpbYS1oXSQiICAkTElTVCA+ PiAkVE1QMQ0KCWVncmVwICJeYy4qL3Ike2l9WzAtOV1bMC05XSpbYS1oXSQi ICAkTElTVCA+PiAkVE1QMQ0KZG9uZQ0KDQphd2sgJyQzICE9ICJyb290IiB8 fCAkNCAhPSAib3BlcmF0b3IiIHx8ICQxICF+IC8ucnctci0tLS0tLyBcDQoJ eyBwcmludGYoIkRpc2sgJXMgaXMgdXNlciAlcywgZ3JvdXAgJXMsIHBlcm1p c3Npb25zICVzLlxuIiwgXA0KCSAgICAkMTEsICQzLCAkNCwgJDEpOyB9JyA8 ICRUTVAxID4gJE9VVFBVVA0KaWYgWyAtcyAkT1VUUFVUIF0gOyB0aGVuDQoJ cHJpbnRmICJcbkNoZWNraW5nIGRpc2sgb3duZXJzaGlwIGFuZCBwZXJtaXNz aW9uczpcbiINCgljYXQgJE9VVFBVVA0KCXByaW50ZiAiXG4iDQpmaQ0KDQoN CiMNCiMgRGlzcGxheSBhbnkgY2hhbmdlcyBpbiB0aGUgZGV2aWNlIGZpbGUg bGlzdC4NCiMNCmVncmVwICdeW2JjXScgJExJU1QgfCBzb3J0ICsxMCA+ICRU TVAxDQppZiBbIC1zICRUTVAxIF0gOyB0aGVuDQoJQ1VSPS92YXIvYmFja3Vw cy9kZXZpY2UuY3VycmVudA0KCUJBQ0s9L3Zhci9iYWNrdXBzL2RldmljZS5i YWNrdXANCg0KCWlmIFsgLXMgJENVUiBdIDsgdGhlbg0KCQlpZiBjbXAgLXMg JENVUiAkVE1QMSA7IHRoZW4NCgkJCToNCgkJZWxzZQ0KCQkJPiAkVE1QMg0K CQkJam9pbiAtMTExIC0yMTEgLXYyICRDVVIgJFRNUDEgPiAkT1VUUFVUDQoJ CQlpZiBbIC1zICRPVVRQVVQgXSA7IHRoZW4NCgkJCQlwcmludGYgIkRldmlj ZSBhZGRpdGlvbnM6XG4iDQoJCQkJdGVlIC1hICRUTVAyIDwgJE9VVFBVVA0K CQkJCXByaW50ZiAiXG4iDQoJCQlmaQ0KDQoJCQlqb2luIC0xMTEgLTIxMSAt djEgJENVUiAkVE1QMSA+ICRPVVRQVVQNCgkJCWlmIFsgLXMgJE9VVFBVVCBd IDsgdGhlbg0KCQkJCXByaW50ZiAiRGV2aWNlIGRlbGV0aW9uczpcbiINCgkJ CQl0ZWUgLWEgJFRNUDIgPCAkT1VUUFVUDQoJCQkJcHJpbnRmICJcbiINCgkJ CWZpDQoNCgkJCSMgUmVwb3J0IGFueSBibG9jayBkZXZpY2UgY2hhbmdlLiAg SWdub3JlIGNoYXJhY3Rlcg0KCQkJIyBkZXZpY2VzLCBvbmx5IHRoZSBuYW1l IGlzIHNpZ25pZmljYW50Lg0KCQkJY2F0ICRUTVAyICRDVVIgJFRNUDEgfCBc DQoJCQlzZWQgLWUgJy9eYy9kJyB8IFwNCgkJCXNvcnQgKzEwIHwgXA0KCQkJ c2VkIC1lICdzL1sJIF1bCSBdKi8gL2cnIHwgXA0KCQkJdW5pcSAtdSA+ICRP VVRQVVQNCgkJCWlmIFsgLXMgJE9VVFBVVCBdIDsgdGhlbg0KCQkJCXByaW50 ZiAiQmxvY2sgZGV2aWNlIGNoYW5nZXM6XG4iDQoJCQkJY29sdW1uIC10ICRP VVRQVVQNCgkJCQlwcmludGYgIlxuIg0KCQkJZmkNCg0KCQkJY3AgJENVUiAk 
QkFDSw0KCQkJY3AgJFRNUDEgJENVUg0KCQlmaQ0KCWVsc2UNCgkJcHJpbnRm ICJEZXZpY2UgYWRkaXRpb25zOlxuIg0KCQljb2x1bW4gLXQgJFRNUDENCgkJ cHJpbnRmICJcbiINCgkJY3AgJFRNUDEgJENVUg0KCWZpDQpmaQ0KDQoNCiMN CiMgQ2hlY2sgc3BlY2lhbCBmaWxlcy4NCiMgQ2hlY2sgc3lzdGVtIGJpbmFy aWVzLg0KIw0KIyBDcmVhdGUgdGhlIG10cmVlIHRyZWUgc3BlY2lmaWNhdGlv bnMgdXNpbmc6DQojDQojCW10cmVlIC1jeCAtcERJUiAta2Nrc3VtLGdpZCxt b2RlLG5saW5rLHNpemUsbGluayx0aW1lLHVpZCA+IERJUi5zZWN1cmUNCiMJ Y2hvd24gcm9vdC53aGVlbCBESVIuU0VDVVJFDQojCWNobW9kIDYwMCBESVIu U0VDVVJFDQojDQojIE5vdGUsIHRoaXMgaXMgbm90IGNvbXBsZXRlIHByb3Rl Y3Rpb24gYWdhaW5zdCBUcm9qYW4gaG9yc2VkIGJpbmFyaWVzLCBhcw0KIyB0 aGUgaGFja2VyIGNhbiBtb2RpZnkgdGhlIHRyZWUgc3BlY2lmaWNhdGlvbiB0 byBtYXRjaCB0aGUgcmVwbGFjZWQgYmluYXJ5Lg0KIyBGb3IgZGV0YWlscyBv biByZWFsbHkgcHJvdGVjdGluZyB5b3Vyc2VsZiBhZ2FpbnN0IG1vZGlmaWVk IGJpbmFyaWVzLCBzZWUNCiMgdGhlIG10cmVlKDgpIG1hbnVhbCBwYWdlLg0K Iw0KaWYgY2QgL2V0Yy9tdHJlZTsgdGhlbg0KCW10cmVlIC1lIC1wIC8gLWYg L2V0Yy9tdHJlZS9zcGVjaWFsID4gJE9VVFBVVA0KCWlmIFsgLXMgJE9VVFBV VCBdIDsgdGhlbg0KCQlwcmludGYgIlxuQ2hlY2tpbmcgc3BlY2lhbCBmaWxl cyBhbmQgZGlyZWN0b3JpZXM6XG4iDQoJCWNhdCAkT1VUUFVUDQoJZmkNCg0K CT4gJE9VVFBVVA0KCWZvciBmaWxlIGluICouc2VjdXJlOyBkbw0KCQl0cmVl PWBzZWQgLW4gLWUgJzNzLy4qIC8vcCcgLWUgM3EgJGZpbGUgMj4vZGV2L251 bGxgDQoJCW10cmVlIC1mICRmaWxlIC1wICR0cmVlID4gJFRNUDEgMj4vZGV2 L251bGwNCgkJaWYgWyAtcyAkVE1QMSBdOyB0aGVuDQoJCQlwcmludGYgIlxu Q2hlY2tpbmcgJHRyZWU6XG4iID4+ICRPVVRQVVQNCgkJCWNhdCAkVE1QMSA+ PiAkT1VUUFVUDQoJCWZpDQoJZG9uZQ0KCWlmIFsgLXMgJE9VVFBVVCBdIDsg dGhlbg0KCQlwcmludGYgIlxuQ2hlY2tpbmcgc3lzdGVtIGJpbmFyaWVzOlxu Ig0KCQljYXQgJE9VVFBVVA0KCWZpDQpmaQ0KDQoNCiMgDQojIENoZWNrc3Vt IHN5c3RlbSBiaW5hcmllcyBhbmQgbG9vayBmb3IgZGlmZmVyZW5jZXMuICBB bHRob3VnaA0KIyBkaXNjcmVwYW5jaWVzIGZsYWdnZWQgaW4gdGhpcyBzZWN0 aW9uIG1heSBpbmRpY2F0ZSBhIHRyb2phbiBob3JzZQ0KIyBiaW5hcnksICpu byogZGlzY3JlcGFuY3kgZG9lcyAqbm90KiBtZWFuIHlvdSBhcmUgaW4gdGhl IGNsZWFyIQ0KIyBLZWVwIGEgY29weSBvZiB0aGUgY2hlY2tzdW1zIG9uIGEg c2VjdXJlLCByZW1vdGUgaG9zdCBmb3IgYmV0dGVyDQojIHByb3RlY3Rpb24u 
DQojDQoNCnJtICRUTVAxDQpmb3IgZGlyIGluIC9iaW4gL3NiaW4gL3Vzci9i aW4gL3Vzci9zYmluIC91c3IvbG9jYWwvYmluIC91c3IvWDExL2JpbiA7IGRv DQoJaWYgWyAtZCAkZGlyIF0gOyB0aGVuDQoJCWNkICRkaXINCgkJbHMgLTEg fCB4YXJncyBtZDUgPj4gJFRNUDENCglmaQ0KZG9uZQ0KDQpDVVI9Ii92YXIv YmFja3Vwcy9tZDUuY3VycmVudCINCkJBQ0s9Ii92YXIvYmFja3Vwcy9tZDUu YmFja3VwIg0KaWYgWyAtcyAkQ1VSIF0gOyB0aGVuDQoJZGlmZiAkQ1VSICRU TVAxID4gJE9VVFBVVA0KCWlmIFsgLXMgJE9VVFBVVCBdIDsgdGhlbg0KCXBy aW50ZiAiXG49PT09PT1cbk1ENSBkaWZmcyAoT0xEIDwgPiBORVcpXG49PT09 PT1cbiINCgkJY2F0ICRPVVRQVVQNCgkJY3AgLXAgJENVUiAkQkFDSw0KCQlj cCAtcCAkVE1QMSAkQ1VSDQoJCWNob3duIHJvb3Qud2hlZWwgJENVUiAkQkFD Sw0KCQljaG1vZCA2MDAgJENVUiAkQkFDSw0KCWZpDQplbHNlDQoJY3AgLXAg JFRNUDEgJENVUg0KCWNob3duIHJvb3Qud2hlZWwgJENVUg0KCWNobW9kIDYw MCAkQ1VSDQpmaQ0KDQoNCiMNCiMgTGlzdCBvZiBmaWxlcyB0aGF0IGdldCBi YWNrZWQgdXAgYW5kIGNoZWNrZWQgZm9yIGFueSBtb2RpZmljYXRpb25zLiAg RWFjaA0KIyBmaWxlIGlzIGV4cGVjdGVkIHRvIGhhdmUgdHdvIGJhY2t1cHMs IC92YXIvYmFja3Vwcy9maWxlLntjdXJyZW50LGJhY2t1cH0uDQojIEFueSBj aGFuZ2VzIGNhdXNlIHRoZSBmaWxlcyB0byByb3RhdGUuDQojDQppZiBbIC1z IC9ldGMvY2hhbmdlbGlzdCBdIDsgdGhlbg0KCWZvciBmaWxlIGluIGBjYXQg L2V0Yy9jaGFuZ2VsaXN0YDsgZG8NCgkJQ1VSPS92YXIvYmFja3Vwcy9gYmFz ZW5hbWUgJGZpbGVgLmN1cnJlbnQNCgkJQkFDSz0vdmFyL2JhY2t1cHMvYGJh c2VuYW1lICRmaWxlYC5iYWNrdXANCgkJaWYgWyAtcyAkZmlsZSBdOyB0aGVu DQoJCQlpZiBbIC1zICRDVVIgXSA7IHRoZW4NCgkJCQlkaWZmICRDVVIgJGZp bGUgPiAkT1VUUFVUDQoJCQkJaWYgWyAtcyAkT1VUUFVUIF0gOyB0aGVuDQoJ CXByaW50ZiAiXG49PT09PT1cbiVzIGRpZmZzIChPTEQgPCA+IE5FVylcbj09 PT09PVxuIiAkZmlsZQ0KCQkJCQljYXQgJE9VVFBVVA0KCQkJCQljcCAtcCAk Q1VSICRCQUNLDQoJCQkJCWNwIC1wICRmaWxlICRDVVINCgkJCQkJY2hvd24g cm9vdC53aGVlbCAkQ1VSICRCQUNLDQoJCQkJZmkNCgkJCWVsc2UNCgkJCQlj cCAtcCAkZmlsZSAkQ1VSDQoJCQkJY2hvd24gcm9vdC53aGVlbCAkQ1VSDQoJ CQlmaQ0KCQlmaQ0KCWRvbmUNCmZpDQo= --0-668466482-796679051=:1567-- From owner-freebsd-security Fri Mar 31 13:38:40 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA06421 for security-outgoing; Fri, 31 Mar 1995 13:38:40 -0800 
Received: from mpp.com (dialup-1-12.gw.umn.edu [134.84.101.12]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA06405 for ; Fri, 31 Mar 1995 13:38:28 -0800
Received: (from mpp@localhost) by mpp.com (8.6.11/8.6.9) id PAA00270; Fri, 31 Mar 1995 15:34:25 -0600
From: Mike Pritchard
Message-Id: <199503312134.PAA00270@mpp.com>
Subject: Re: New /etc/security script for FreeBSD
To: taob@gate.sinica.edu.tw (Brian Tao)
Date: Fri, 31 Mar 1995 15:34:25 -0600 (CST)
Cc: freebsd-security@FreeBSD.org
In-Reply-To: from "Brian Tao" at Apr 1, 95 03:44:11 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 2408
Sender: security-owner@FreeBSD.org
Precedence: bulk

> I've attached the script to this message and seek comments on it.
> Two functional changes have been made to the script. The first is
> changing line 33 to reflect FreeBSD's 8-char username limit. The
> second is the addition of a checksum module starting at line 557. It
> uses md5(1) to calculate checksums for all files in a specified set of
> directories chosen to contain system binaries. Its purpose is to aid
> in the detection of trojan horses.

One change I made to my /etc/daily & /etc/security was to only
send me mail if the security script detected something. The reason
being, I didn't want to get sick of seeing the message every day
and automatically delete it without really reading it and then
miss something. I plan to do something like this with my
daily/monthly scripts sometime, too.

My feeling is that any automatic scripts like this should only
produce mail where there really is something wrong, otherwise people
just tend to glance at them and might miss something important (this
is especially true if they receive mail from multiple machines).

If we import this new security script, I would vote for doing things
the way I described (otherwise it is just more work for me to port
them to my way :-).
I'm sure that there are people who like to see lots of mail in their
mailbox, so maybe there should be some type of option in sysconfig
that allows you to specify whether or not the automatic scripts
should always produce output, or only produce output on "significant
events"?

My changes were done like so:

#/etc/daily:
[...lots of stuff removed...]
sh /etc/security > /tmp/_daily.$$ 2>&1
if [ $? -ne 0 ]
# change the above line to:
# if [ $? -ne 0 -o "$SCRIPT_OUTPUT" = "TRUE" ]
# if sysconfig is changed, and some option is added to control this
then
	mail -s "daily insecurity output" root < /tmp/_daily.$$
fi
rm -f /tmp/_daily.$$

Then changing security like this:

#/etc/security:
EXITSTAT=0
[...lots of stuff removed...]
echo "checking for uids of 0:"
awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd > $TMP
if cmp $LOG/uids.today $TMP >/dev/null; then :; else
	echo "$host uid 0 diffs:"
	diff $LOG/uids.today $TMP
	mv $LOG/uids.today $LOG/uids.yesterday
	mv $TMP $LOG/uids.today
	EXITSTAT=1
fi
rm -f $TMP
exit $EXITSTAT
--
Mike Pritchard
pritc003@maroon.tc.umn.edu
"Go that way. Really fast.
If something gets in your way, turn"

From owner-freebsd-security Fri Mar 31 15:43:12 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id PAA11205 for security-outgoing; Fri, 31 Mar 1995 15:43:12 -0800
Received: from eel.dataplex.net (EEL.DATAPLEX.NET [199.183.109.245]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id PAA11199 for ; Fri, 31 Mar 1995 15:43:11 -0800
Received: from [199.183.109.242] (cod [199.183.109.242]) by eel.dataplex.net (8.6.10/8.6.9) with SMTP id RAA12559; Fri, 31 Mar 1995 17:42:52 -0600
X-Sender: wacky@shark.dataplex.net
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 31 Mar 1995 17:42:54 -0600
To: Mike Pritchard
From: rkw@dataplex.net (Richard Wackerbarth)
Subject: Re: New /etc/security script for FreeBSD
Cc: freebsd-security@FreeBSD.org
Sender: security-owner@FreeBSD.org
Precedence: bulk

>One change I made to my /etc/daily & /etc/security was to only
>send me mail if the security script detected something. The reason
>being, I didn't want to get sick of seeing the message every day
>and automatically delete it without really reading it and then
>miss something.

Good! When I hack into your machine, I'll just disable the /etc/security
script and you can go right on thinking that everything is OK.

At least send the mail to a 'bot' that screens it and lets you know that
it arrived when expected.
----
Richard Wackerbarth
rkw@dataplex.net

From owner-freebsd-security Fri Mar 31 18:42:51 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id SAA18543 for security-outgoing; Fri, 31 Mar 1995 18:42:51 -0800
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id SAA18362 for ; Fri, 31 Mar 1995 18:42:43 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id SAA09362; Fri, 31 Mar 1995 18:41:18 -0800
Message-Id: <199504010241.SAA09362@precipice.shockwave.com>
To: Brian Tao
cc: FREEBSD-SECURITY-L
Subject: Re: New /etc/security script for FreeBSD
In-reply-to: Your message of "Sat, 01 Apr 1995 03:44:11 +0800."
Date: Fri, 31 Mar 1995 18:41:03 -0800
From: Paul Traina
Sender: security-owner@FreeBSD.org
Precedence: bulk

It's better but it needs work, it has false positives in freebsd as
distributed. In other words, Jordan, if you're listening, do NOT
install this until it gets fixed by someone.

The standard FreeBSD /etc/security script is rather anemic in
comparison. Could this be included as the standard script in future
FreeBSD distributions? I just looked on a friend's NetBSD 1.0 machine
and this is the file they use.
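
Added example, not part of the original thread and not FreeBSD's own script: one way to build the screening 'bot' Richard Wackerbarth asks for while keeping Mike Pritchard's quiet-unless-something-is-wrong behaviour. The spool layout, the `received <epoch>` stamp line, the host names and the 26-hour limit are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (constructed; not FreeBSD's /etc/security or /etc/daily).
# Runs on a separate collector host that receives every machine's daily
# security report. It stays quiet when a report arrived on time and is
# empty, and speaks up when a report has findings, is late, or is missing.
#
# Assumed spool layout (hypothetical): one file per host, named after the
# host; line 1 is "received <epoch-seconds>" written by the collector on
# arrival, the remaining lines are the report body (empty when clean).

MAX_AGE=93600    # assumption: 26 hours = one daily run plus slack

# screen_reports SPOOL NOW HOST...
# Prints one line per host that needs attention; returns 1 if any did.
screen_reports() {
    sr_spool=$1
    sr_now=$2
    shift 2
    sr_rc=0
    for sr_host in "$@"; do
        sr_file=$sr_spool/$sr_host
        if [ ! -f "$sr_file" ]; then
            echo "$sr_host: MISSING (no report on file)"
            sr_rc=1
            continue
        fi
        sr_stamp=$(sed -n '1s/^received \([0-9][0-9]*\)$/\1/p' "$sr_file")
        if [ -z "$sr_stamp" ]; then
            echo "$sr_host: MALFORMED (no receive stamp)"
            sr_rc=1
            continue
        fi
        sr_age=$((sr_now - sr_stamp))
        if [ "$sr_age" -gt "$MAX_AGE" ]; then
            # Silence is the signal: the script may have been disabled.
            echo "$sr_host: LATE (last report $((sr_age / 3600))h ago)"
            sr_rc=1
            continue
        fi
        # Any non-blank line after the stamp counts as a finding.
        sr_n=$(sed -e 1d -e '/^[[:space:]]*$/d' "$sr_file" | wc -l | tr -d ' ')
        if [ "$sr_n" -gt 0 ]; then
            echo "$sr_host: FINDINGS ($sr_n lines)"
            sr_rc=1
        fi
    done
    return $sr_rc
}

# Constructed sample spool covering the four cases; all values are made up.
run_demo() {
    demo_spool=$(mktemp -d) || return 2
    demo_now=796700000
    demo_rc=0
    # alpha: reported an hour ago, nothing found -> stays silent
    printf 'received %s\n' $((demo_now - 3600)) > "$demo_spool/alpha"
    # bravo: reported on time, body carries two lines of findings
    printf 'received %s\nuid 0 diffs:\n+ toor 0\n' \
        $((demo_now - 7200)) > "$demo_spool/bravo"
    # charlie: last report is three days old
    printf 'received %s\n' $((demo_now - 259200)) > "$demo_spool/charlie"
    # delta: expected host with no report at all (no file created)
    screen_reports "$demo_spool" "$demo_now" alpha bravo charlie delta ||
        demo_rc=$?
    rm -rf "$demo_spool"
    return $demo_rc
}

run_demo || echo "attention needed"
```

On a real collector the host list would come from a file and the output would be mailed only when the function returns non-zero, so a disabled /etc/security shows up as a LATE line instead of as silence.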
From owner-freebsd-security Fri Mar 31 21:46:35 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id VAA01103 for security-outgoing; Fri, 31 Mar 1995 21:46:35 -0800
Received: from aries.ibms.sinica.edu.tw ([140.109.40.248]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA01097 for ; Fri, 31 Mar 1995 21:46:33 -0800
Received: (from taob@localhost) by aries.ibms.sinica.edu.tw (8.6.11/8.6.9) id NAA12879; Sat, 1 Apr 1995 13:46:50 +0800
Date: Sat, 1 Apr 1995 13:46:50 +0800 (CST)
From: Brian Tao
To: FREEBSD-SECURITY-L
Subject: Re: New /etc/security script for FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: security-owner@FreeBSD.org
Precedence: bulk

On Fri, 31 Mar 1995, Richard Wackerbarth wrote:
>
> Good! When I hack into your machine, I'll just disable the /etc/security
> script and you can go right on thinking that everything is OK.
>
> At least send the mail to a 'bot' that screens it and lets you know that
> it arrived when expected.

The output is mailed to root by default, and I've added another
address to the /etc/daily line so it is available in two places. Of
course, if you do get root on my machine, no cronned script is going
to help me anyway.
--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........
play --> taob@io.org

From owner-freebsd-security Fri Mar 31 21:48:08 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id VAA01128 for security-outgoing; Fri, 31 Mar 1995 21:48:08 -0800
Received: from aries.ibms.sinica.edu.tw ([140.109.40.248]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA01122 for ; Fri, 31 Mar 1995 21:48:06 -0800
Received: (from taob@localhost) by aries.ibms.sinica.edu.tw (8.6.11/8.6.9) id NAA12888; Sat, 1 Apr 1995 13:48:23 +0800
Date: Sat, 1 Apr 1995 13:48:23 +0800 (CST)
From: Brian Tao
To: FREEBSD-SECURITY-L
Subject: Re: New /etc/security script for FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: security-owner@FreeBSD.org
Precedence: bulk

On Fri, 31 Mar 1995, Richard Wackerbarth wrote:
>
> Good! When I hack into your machine, I'll just disable the /etc/security
> script and you can go right on thinking that everything is OK.

Sorry... I didn't realize you were replying to Mike Pritchard's
suggestion and not complaining about the script in general. I hate it
when mail arrives out of order. ;-)
--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........
play --> taob@io.org

From owner-freebsd-security Fri Mar 31 21:50:24 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id VAA01168 for security-outgoing; Fri, 31 Mar 1995 21:50:24 -0800
Received: from aries.ibms.sinica.edu.tw ([140.109.40.248]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA01162 for ; Fri, 31 Mar 1995 21:50:21 -0800
Received: (from taob@localhost) by aries.ibms.sinica.edu.tw (8.6.11/8.6.9) id NAA12899; Sat, 1 Apr 1995 13:50:39 +0800
Date: Sat, 1 Apr 1995 13:50:38 +0800 (CST)
From: Brian Tao
To: FREEBSD-SECURITY-L
Subject: Re: New /etc/security script for FreeBSD
In-Reply-To: <199504010241.SAA09362@precipice.shockwave.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: security-owner@FreeBSD.org
Precedence: bulk

On Fri, 31 Mar 1995, Paul Traina wrote:
>
> It's better but it needs work, it has false positives in freebsd as
> distributed.

Yes, it does. I haven't taken the time to go through the details of
the script yet (been busy with a few FreeBSD installs here and a
nightmarish job on a client's Netra server). I figured I'd toss it in
the air and whoever has the time and the knowledge could take a whack
at it.
--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........
play --> taob@io.org

From owner-freebsd-security Sat Apr 1 10:51:39 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA23867 for security-outgoing; Sat, 1 Apr 1995 10:51:39 -0800
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA23860 for ; Sat, 1 Apr 1995 10:51:34 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id KAA15088 for ; Sat, 1 Apr 1995 10:50:47 -0800
Message-Id: <199504011850.KAA15088@precipice.shockwave.com>
To: security@FreeBSD.org
Subject: root owning everything
Date: Sat, 01 Apr 1995 10:50:37 -0800
From: Paul Traina
Sender: security-owner@FreeBSD.org
Precedence: bulk

Except for setuid files, the majority of files in / and /usr should be owned
by root, not bin, so that I can't nfsmount a volume read-write and su to
bin and have a party.

An alternative would be to map uid bin to nobody the same way root is done.

Feelings?

From owner-freebsd-security Sat Apr 1 11:18:11 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA25290 for security-outgoing; Sat, 1 Apr 1995 11:18:11 -0800
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA25265 for ; Sat, 1 Apr 1995 11:17:58 -0800
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id FAA18492; Sun, 2 Apr 1995 05:15:53 +1000
Date: Sun, 2 Apr 1995 05:15:53 +1000
From: Bruce Evans
Message-Id: <199504011915.FAA18492@godzilla.zeta.org.au>
To: pst@Shockwave.COM, security@FreeBSD.org
Subject: Re: root owning everything
Sender: security-owner@FreeBSD.org
Precedence: bulk

>Except for setuid files, the majority of files in / and /usr should be owned
>by root, not bin, so that I can't nfsmount a volume read-write and su to
>bin and have a party.
>An alternative would be to map uid bin to nobody the same way root is done.

I don't like files owned by root. They force me to run as root too much.
The CSRG Makefiles seem to have the same policy as we have (almost
everything owned by bin). How is this problem traditionally handled?

Bruce

From owner-freebsd-security Sat Apr 1 11:29:59 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA26078 for security-outgoing; Sat, 1 Apr 1995 11:29:59 -0800
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA26072 for ; Sat, 1 Apr 1995 11:29:56 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id LAA15637; Sat, 1 Apr 1995 11:28:49 -0800
Message-Id: <199504011928.LAA15637@precipice.shockwave.com>
To: Bruce Evans
cc: security@FreeBSD.org
Subject: Re: root owning everything
In-reply-to: Your message of "Sun, 02 Apr 1995 05:15:53 +1000." <199504011915.FAA18492@godzilla.zeta.org.au>
Date: Sat, 01 Apr 1995 11:28:49 -0800
From: Paul Traina
Sender: security-owner@FreeBSD.org
Precedence: bulk

From: Bruce Evans
Subject: Re: root owning everything

>Except for setuid files, the majority of files in / and /usr should be owned
>by root, not bin, so that I can't nfsmount a volume read-write and su to
>bin and have a party.
>An alternative would be to map uid bin to nobody the same way root is done.

I don't like files owned by root. They force me to run as root too much.
The CSRG Makefiles seem to have the same policy as we have (almost
everything owned by bin). How is this problem traditionally handled?
Bruce

read only mounts and a lot of praying

From owner-freebsd-security Sat Apr 1 11:31:56 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA26238 for security-outgoing; Sat, 1 Apr 1995 11:31:56 -0800
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA26232 for ; Sat, 1 Apr 1995 11:31:51 -0800
Received: by gvr.win.tue.nl (8.6.10/1.53) id VAA04776; Sat, 1 Apr 1995 21:23:18 +0200
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199504011923.VAA04776@gvr.win.tue.nl>
Subject: Re: your mail
To: paul@isl.cf.ac.uk (Paul Richards)
Date: Sat, 1 Apr 1995 21:23:17 +0200 (MET DST)
Cc: jkh@violet.berkeley.edu, security@FreeBSD.org, csteiner@vaultbbs.com
In-Reply-To: <199503281022.LAA17832@isl.cf.ac.uk> from "Paul Richards" at Mar 28, 95 11:22:26 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 372
Sender: security-owner@FreeBSD.org
Precedence: bulk

Paul Richards wrote:
>
> In reply to Guido van Rooij who said
> > Wietse Venema, co-developer of Satan happens to be my neighbour.
> > Of course, Satan has been well tested on FreeBSD systems (like
> > all his tools).
>
> How does it do?
>

It depends on if you install wrappers or not. But having an up to date
sendmail and the secure portmapper is quite nice.

-Guido