Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Feb 2000 13:42:14 -0600
From:      "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To:        Andrey Novikov <scriber@webclub.ru>, freebsd-security@FreeBSD.ORG
Subject:   Re: schg flag
Message-ID:  <3.0.3.32.20000229134214.00804590@207.227.119.2>
In-Reply-To: <00022921443000.05868@novikov.web2000.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
At 09:40 PM 2/29/00 +0300, Andrey Novikov wrote:
>Hello,
>
>It seems to me that it will be more secure for my
>public server to say at least:
>
>chflags schg /bin/*
>chflags schg /sbin/*
>chflags schg /usr/bin/*
>chflags schg /usr/sbin/*
>chflags schg /usr/local/bin/*
>chflags schg /usr/local/sbin/*
>
>to prevent any troyans in my system binaries, am I wrong?
>Would it confuse future makeworlds on that system?

Prevent trojans, depends.  Makeworld, no.  Installworld, yes.

Without getting into an often discussed topic, you forgot some dirs and
should consider "ro" flags for mounting /usr and a higher securelevel.
Also moving services to other servers that do not allow telnet/ssh.

Many paths.  Read up and choose one.


Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.20000229134214.00804590>