Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 26 Oct 1999 22:32:18 -0700
From:      "Dr. Dave" <dave@sneakerz.org>
To:        "Jean-Pierre H. Dumas" <jphdumas@yahoo.fr>
Cc:        FreeBSD-Security@freebsd.org
Subject:   Re: Security tests
Message-ID:  <19991026223218.B8498@sneakerz.org>
In-Reply-To: <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>; from Jean-Pierre H. Dumas on Tue, Oct 26, 1999 at 04:36:35PM %2B0200
References:  <19991026143635.25359.rocketmail@web1003.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Oct 26, 1999 at 04:36:35PM +0200, Jean-Pierre H. Dumas wrote:
> This is to verify the security of a FreeBSD 3.2
> server I am installing. To be used as a POP3 toaster,
> with qmail and vmailmgr.
> 
> I installed and ran COPS (a really old one).
> It screamed at me about the /var/spool/uucppublic
> directory as beeing *world* writable.
> It barfed on the passwd and group having the wrong
> number of fields (I assume this is because of the
> use of perl 5 vs perl 3 at the time of creation
> of COPS, something like @_ changed meaning ?)
> Question: is the permission of /var/spool/uucppublic
> correct once in drwxrwxr-x ? (I do not use uucp,
> but...)

Cops is VERY old and outdated.  If you would like some more recent security tools, visit http://www.securityfocus.com, they also have a bug tracking archive that you can search through by OS.  Keeping security on a system is alot more than installing the packages from /usr/ports/security.

> Question: What can I do more to have a realistic
> report about this server's security ?

If this is a corporate environment you may want to look into a site licence for IIS, internet security scanner, http://www.iss.net

 
> Is there any other scanners or whatever that I can get
> and run, either from within the server, or from
> outside (I have a FreeBSD 3.2, Linux and Windows 95
> machine on the Ethernet)

If you are looking for portscanners, you may want to look at nmap, http://www.insecure.org/nmap

-- 
--------------------------------------------------------------------------
Dave McKay                                      dave@sneakerz.org              
MSN Hotmail                                     http://www.hotmail.com
--------------------------------------------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991026223218.B8498>