Date: Sun, 23 Jun 2002 16:39:33 -0700
From: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
Cc: "Lawrence Sica" <lomifeh@earthlink.net>, "Trevor Johnson" <trevor@jpj.net>, security@FreeBSD.ORG
Subject: Re: Possible security liability: Filling disks with junk or spam
Message-ID: <200206232339.g5NNdXJw079333@cwsys.cwsent.com>
In-Reply-To: Message from "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> of "Sun, 23 Jun 2002 16:23:57 CDT." <008901c21afc$4a836100$44ec910c@daleco>
In message <008901c21afc$4a836100$44ec910c@daleco>,
"Kevin Kinsey, DaleCo, S.P." writes:
> ----- Original Message -----
> From: "Lawrence Sica" <lomifeh@earthlink.net>
> To: "Trevor Johnson" <trevor@jpj.net>
> Cc: <security@FreeBSD.ORG>
> Sent: Sunday, June 23, 2002 12:07 AM
> Subject: Re: Possible security liability: Filling disks with junk or spam
>
>
> > Trevor Johnson wrote:
> > >>A client recently called me in puzzlement, saying that his system was
> > >>misbehaving, and it turned out that this was what had happened. The address
> > >>"news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
> > >>never used or hosted netnews, and so had no need for the pseudo-user. But that
> > >>pseudo-user was there by default, and the system dutifully created a mailbox
> > >>for him/her/it when the very first spam arrived. It started growing by leaps
> > >>and bounds until it was -- I kid you not! -- several hundred megabytes in
> > >>size. At which point the partition ran out of room.
> > >>
> > >>It seems to me that pseudo-users should be non-mailable, just as a basic
> > >>security policy. Ideas for the best way to implement this in the default
> > >>install?
> > >
> > > <snip RFC interp and suggested inetd.conf comments>
> >
> > Consider that the daily output includes a df output so you just need to
> > read your root email ;)
> >
> > --Larry
> >
> And that's a great point worthy of a reposting. While it's unfortunate that
> someone got their disk filled with junk, it's also seemingly indicative of a
> general lack of supervision on that box. The first line of defense is the
> scrutiny of the operator, not necessarily the revision of the OS.
Agreed, and scrutiny by the operator should also be the last line of
defense. Little do many understand that an experienced sysadmin is the
best asset they can have. Unfortunately many companies and
organizations are unwilling to pay for that.
>
> One of the reasons I choose FBSD over other servers, especially M$, is
> that it's not too hard to do some reading and learn the OS; learn a couple
> of easy command line statements and see what's installed, what services are
> running, and etc. Patience is a virtue, time with a browser a must, but no
> rocket science degree is needed.
>
> Perhaps this should be added to /stand/sysinstall:
> "You have just installed an operating system. Before you reboot your
> computer, PLEASE take some time and learn just what the thing will be
> doing while it sits in your home and/or place of business...."
Or hire or rent someone with the qualifications and experience to do it
right. Of course paying a lot of money doesn't guarantee that the job
will be done right. I've seen cases where high priced vendor personnel
installed insecure systems stating that the <vendor> O/S comes secure
right out of the box and that no additional security "tweaking" was
required. Unfortunately these systems were quickly discovered by
spammers. The rest was history.
--
Cheers, Phone: 250-387-8437
Cy Schubert Fax: 250-387-5766
Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Management Services
Province of BC
FreeBSD UNIX: cy@FreeBSD.org
