[PATCH] Tighten /etc/crontab permissions
Doug Barton
DougB at FreeBSD.org
Wed Aug 11 21:57:03 PDT 2004
On Thu, 12 Aug 2004, Xin LI wrote:
> I think I would want to compromise at this point ;) In addition of this,
> personally I suggest the following changes to be made:
>
> - Provide an option in sysinstall so users will be instructed
> to choose whether to ``lockdown'' their systems as soon as
> the configuration is completed. Also, include this utility
> in the installation disc.
> - Add a new security audit script which will tell admins that
> the permission of "watched" configurations was altered.
> This might be turned off by default, or even a depency port
> of lockdown, to provide a mechanism to detect potential
> break-ins earlier, and to notice users when something like
> mergemaster or manual etc/ upgrades has reverted the
> permissions.
>
> What do you think about this? Actually the FreeBSD Simplified Chinese
> project is recently coordinating an effort of making an Internationalized
> FreeBSD Installer, I think we will try to implement these
> things if they looks better.
Those sound like good goals, I wish you great luck with them. :)
Doug
--
This .signature sanitized for your protection
More information about the freebsd-security
mailing list