Date: Thu, 26 Jun 1997 22:49:16 -0400 (EDT)
From: Adam Shostack <adam@homeport.org>
To: steve@edmweb.com (Steve)
Cc: gfm@readybox.com, freebsd-security@FreeBSD.ORG
Subject: Re: Minimum files for operation
Message-ID: <199706270249.WAA12067@homeport.org>
In-Reply-To: <199706270133.SAA25974@kirk.edmweb.com> from Steve at "Jun 26, 97 06:33:50 pm"

Steve wrote:
| > The security-related literature I've been through emphasizes the need
| > to secure the hosts themselves, partly through removing any unneeded
| > files. (If you're running a mail hub, you probably don't need a C
| > compiler. If you are providing only Web service with static pages,
| > you should remove the perl interpreter. And so on.)
|
| I wouldn't worry about such things. If someone has broken in to your
| system, they can upload the C compiler, Perl interpreter, and whatever
| else they need. Clever use of redirection is all it takes.

Uploading a C compiler or perl involves a lot of disk space and
effort. Removing servers, daemons, and other things is clearly
worthwhile. I think there's a win in removing uname and other things,
and making your attacker go through some effort. (assuming that you go
through less.)

Steve's other advice about removing set*id stuff is very good.
It's also worth mounting most disks nosetuid/nodev.

Adam

| What you _should_ worry about are the privileged programs that are
| set-UID or set-GID. FreeBSD (2.1-stable at least, probably most or all
| other versions) has a "security" script that runs every night and
| places a list of all suid programs and devices in /var/log/setuid.today
| It would be a good idea to look at that list and then use chmod to
| remove the suid bit from programs that you don't need. You may also
| need to use chflags to remove the schg (immutable) flag before chmod.

--
"It is seldom that liberty of any kind is lost all at once."
                                                        -Hume
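
The review-then-chmod step described in the quoted advice above, as an added example that is not part of either message: it lists set-UID/set-GID files under a tree, compares them with an allowlist, and clears the bits on the rest. The allowlist file (one absolute path per line), the `DRY_RUN` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit set-UID/set-GID files against an allowlist.
# Assumption: ALLOWLIST holds one absolute path per line (files that may stay set-id).
# File names containing newlines are not handled.

# Print every regular file under DIR with the set-UID or set-GID bit, sorted.
# -xdev keeps find on one file system, so each mount is audited separately.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print the set-id files under DIR that are not named in ALLOWLIST.
unexpected_setid() {
    # -F fixed strings, -x whole-line match, -v invert. grep exits 1 when
    # nothing is left over, which is the clean result, so ignore that status.
    list_setid "$1" | grep -v -x -F -f "$2" || :
}

# Clear the set-id bits on every unexpected file.
# DRY_RUN=1 (the default) only prints what would be changed.
strip_unexpected() {
    unexpected_setid "$1" "$2" | while IFS= read -r f; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would run: chmod u-s,g-s %s\n' "$f"
            continue
        fi
        # On FreeBSD a file flagged schg (immutable) rejects chmod until the
        # flag is cleared; chflags does not exist on every system, so probe first.
        if command -v chflags >/dev/null 2>&1; then
            chflags noschg "$f" 2>/dev/null || :
        fi
        chmod u-s,g-s "$f" && printf 'cleared: %s\n' "$f"
    done
}

# Run as: DRY_RUN=1 sh audit.sh /usr /path/to/allowlist
if [ $# -eq 2 ]; then
    strip_unexpected "$1" "$2"
fi
```

Start with the default dry run and read the output before setting `DRY_RUN=0`; some programs stop working for unprivileged users once the bit is gone.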