On Fri, 29 Mar 2002, Lucio Chiappetti wrote:
> We are discussing here ways of securing our systems, and in particular
> we are comparing the list of daemons started at boot or by inetd.conf
> on Alphas, Suns and Linux SUSE.
In addition to the above business (which I summarize below), and in a
further attempt at securing our systems, I'm now running some crontab
scripts which look for "unexpected" changes in files in sensitive
directories and also for INTRINSICALLY UNSECURE files.
I consider files and directories which are WORLD-WRITABLE (??????rw?)
to be INTRINSICALLY UNSECURE.
In particular I've found the following directories or files with write
permission in system directories :
/tmp
/usr/var/tmp
/usr/var/spool/mail
these three have the sticky bit set, so once I check that only "expected"
users write there I am not concerned about their security.
/usr/var/adm/MM0msgs
why is this -rw-rw-rw- ? Can I do chmod o-w ?
/usr/var/esnmp/*
I found various world-writable files in this directory, all with very old
dates. I am not aware of using them in any way, so I did chmod o-w. Any
objection?
/usr/spool/uucppublic
This I also did a chmod o-w since I'm not using it. Objections ?
--------------------------------------------------------------------
and now a quick summary about "useless daemons"
After a few replies on this list I proceeded as follows
In inetd.conf I've commented out exec comsat ntalk kdebug and rquotad
So these daemons won't start via inetd
In /sbin/init.d I've stopped the daemons and renamed the following
scripts in rc?.d : common_agent snmpd mmserver nsrd
I'm running in such conditions without problems.
----------------------------------------------------------------------------
Lucio Chiappetti - IFCTR/CNR - via Bassini 15 - I-20133 Milano (Italy)
----------------------------------------------------------------------------
"This land .. is my land .. e no xe una portaerei"
[English in the original] [and is not an aircraft carrier]
M.Paolini - I cani del gas - Bestiario italiano
----------------------------------------------------------------------------
For more info :
http://www.ifctr.mi.cnr.it/~lucio/personal.html
----------------------------------------------------------------------------
Received on Mon Apr 08 2002 - 17:32:26 NZST
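
The check described in the message above (world-writable files, world-writable directories with or without the sticky bit, and a comparison against already accepted entries), as an added example that is not part of the original post. The function names, the output tags and the baseline file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): list world-writable entries
# under the given directories, one finding per line, sorted:
#   FILE <path>          world-writable regular file
#   DIR-NOSTICKY <path>  world-writable directory, no sticky bit
#   DIR-STICKY <path>    world-writable directory with sticky bit (like /tmp)
# The tags and function names are assumptions of this example.
audit_world_writable() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        # -perm -0002: "other" write bit set; -perm -1000: sticky bit set.
        # -xdev keeps find on the file system of each starting directory.
        find "$root" -xdev -type f -perm -0002 | sed 's/^/FILE /'
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 |
            sed 's/^/DIR-NOSTICKY /'
        find "$root" -xdev -type d -perm -0002 -perm -1000 |
            sed 's/^/DIR-STICKY /'
    done | LC_ALL=C sort
}

# Print only findings missing from a baseline of accepted entries.
# The baseline is a saved, reviewed run of audit_world_writable.
new_findings() {
    baseline=$1
    shift
    audit_world_writable "$@" | LC_ALL=C comm -23 - "$baseline"
}

# Possible cron use (paths are placeholders); cron mails any output:
#   new_findings /path/to/ww.baseline /usr /var
```

An empty result from `new_findings` means nothing has become world-writable since the baseline was reviewed.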