Date: Fri, 18 Apr 1997 08:44:47 -0700 (PDT) From: Brion Moss <brion@queeg.com> To: The Hermit Hacker <scrappy@hub.org> Cc: "Serge A. Babkin" <babkin@hq.icb.chel.su>, khetan@iafrica.com, security@freebsd.org, hackers@freebsd.org Subject: Re: SATAN under FreeBSD Message-ID: <199704181544.IAA25067@coven.queeg.com> In-Reply-To: <Pine.NEB.3.96.970411101637.235l-100000@thelab.hub.org> References: <199704111311.TAA06060@hq.icb.chel.su> <Pine.NEB.3.96.970411101637.235l-100000@thelab.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Check out "The Admin Guide to Cracking, by the people who brought you Satan. It's at ftp://ftp.win.tue.nl/pub/security/index.html, along with a lot of other good stuff. AUSCERT has a security checklist that you can go through. There's a better checklist in _Practical_UNIX_And_Internet_Security_, from O'Reilly. -Brion The Hermit Hacker writes: > On Fri, 11 Apr 1997, Serge A. Babkin wrote: > > > > > Or just set in the options that the .pl suffix means a HTML file. > > > > It worked great for me. The only problem is that I found > > > > absolutely no usefulness in SATAN. The "holes" it reported > > > > about were so idiotic. > > > > > > > Any useful resources that I can look through on how to debug > > > things? For instance, one of the machines at the office is an old > > > Altos machine running 'Sendmail 5.59/Altos-2.0 ready'...I'd like to be > > > able to test that one for any holes. > > > > I awaited a like thing from SATAN too. But almost all it did was analysing > > the NFS exports :-( > > Looking at the work on SATAN, and what it was trying to address, > why isn't there a list compiled of 'how to break into an insecure system'? > Something that a system adminstrator could sit down and go through, one by > one, to test their systems? > > One of the 'papers' that I've come across through Yahoo is found > at: > > http://www.geocities.com/SiliconValley/Lakes/6866/admin.html > > which details several different methods of cracking into a system, > but its by no means complete, and all of them fail even on that old Altos > machine, so, like SATAN, is practically useless. > > Does anyone else know of something similar? Maybe start up a > 'Improving Security' section off of the FreeBSD web pages with links to > *good* papers like the above? > > > Marc G. Fournier > Systems Administrator @ hub.org > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704181544.IAA25067>