Date:      Tue, 7 Feb 2012 13:29:03 +0000
From:      Frank Shute <frank@shute.org.uk>
To:        Henry Olyer <henry.olyer@gmail.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: on hammer's, security, and centrifuges...
Message-ID:  <20120207132903.GA4616@orange.esperance-linux.co.uk>
In-Reply-To: <CAE7N2ke-eEg3QqD3OfD_AJ6Yx78wwhOiApwVYsDQXhxU14JgAQ@mail.gmail.com>
References:  <CAE7N2ke-eEg3QqD3OfD_AJ6Yx78wwhOiApwVYsDQXhxU14JgAQ@mail.gmail.com>


On Tue, Feb 07, 2012 at 07:03:50AM -0500, Henry Olyer wrote:
>
> So I was coding along...
>
> On my laptop, on session #1, and I get a notice that someone did an su.
>  Except I'm the only user and I didn't have an ethernet cord connected.
>  (And no, it wasn't me...)

"someone". Whom? Show us the log.
>
> I just built this laptop a few days ago.  Fresh.  I did have to get on the
> net to download/make/install a few critical packages.  I do development.
>  And research.
>=20
> My guess, not one shred of evidence, is that someone got in while I was
> re-building packages.  Some, (for example Maxima,) take hours.  And because
> of problems with gnuplot and pdflib, won't build as packages without
> re-compilation.

Compare times of su to time when you were building.

>
> Look, I'm going to use FreeBSD as long as both it and I am around, it's
> just the best choice for me, for my users.  But we need to improve
> security.
>
> I'm not a security expert, my work is in another area.  But I would like to
> suggest that the FBSD be enhanced so that each load module, each compiled
> program, contain a DSA-based public key.  Yes, this would make installing
> and maintaining systems an all-day run.  But some of us need a higher
> degree of security than is presently available.
>
> For now, until I remake my laptop, I'm going to disable the ath0 wireless.

Did you use the procedure outlined in the handbook? It uses WAP and is
pretty secure.

>
> How?  What's the best method to make certain that my wireless chip is
> turned off?

Turn the chip off in the BIOS. But that is overkill. Can probably
ifconfig ath0 down or something of the sort.

>
> Or is this something best accomplished with a hammer?  Not a pleasant
> thought...
>
> (Oh, and centrifuges?, well two out of three isn't bad.  About centrifuges
> I got nothing.)
>
> Is there something I can do that would help the FBSD security people?, or,
> is hacking so routine that it wouldn't help to know the particulars.
>  sigh...

No, it would help to know the particulars.


Regards,

-- 

 Frank

 Contact info: http://www.shute.org.uk/misc/contact.html
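
Added example, not part of the original message: one way to do the comparison suggested above, lining up su entries in the system log against the period a build was running. The log lines, host name, user name and build window are constructed, and the syslog line layout they follow is an assumption.

```python
import re
from datetime import datetime

# Constructed sample lines in an assumed syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Feb  6 21:14:02 laptop su: henry to root on /dev/ttyv0
Feb  6 23:40:51 laptop sshd[912]: Server listening on 0.0.0.0 port 22.
Feb  7 02:17:33 laptop su: henry to root on /dev/pts/1
Feb  7 06:55:10 laptop su: BAD SU henry to root on /dev/ttyv1
"""

# Timestamp, host, "su:" tag (optional pid), optional failure marker, then who/target/tty.
SU_LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+su(?:\[\d+\])?:\s+"
    r"(?P<bad>BAD SU\s+)?(?P<who>\S+) to (?P<target>\S+) on (?P<tty>\S+)"
)

def su_events(log_text, year):
    """Yield (time, user, target, tty, failed) per su line; syslog omits the year."""
    for line in log_text.splitlines():
        m = SU_LINE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
            yield when, m["who"], m["target"], m["tty"], bool(m["bad"])

def classify(log_text, build_start, build_end):
    """Split su events into those inside and those outside the build window."""
    inside, outside = [], []
    for ev in su_events(log_text, build_start.year):
        (inside if build_start <= ev[0] <= build_end else outside).append(ev)
    return inside, outside

if __name__ == "__main__":
    start = datetime(2012, 2, 7, 1, 0, 0)  # assumed start of the package build
    end = datetime(2012, 2, 7, 5, 0, 0)    # assumed end of the package build
    inside, outside = classify(SAMPLE_LOG, start, end)
    for label, events in (("during build", inside), ("outside build", outside)):
        for when, who, target, tty, failed in events:
            status = " FAILED" if failed else ""
            print(f"{label}: {when} {who} -> {target} on {tty}{status}")
```

The tty column shows whether each su came from the local console or a pseudo-terminal, which is worth including when posting the log entries to the list.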






Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20120207132903.GA4616>