On Fri, Mar 23, 2001 at 07:14:45PM +0800, Chih hung Feng wrote: > on 3/22/2001 2:58 AM, Daniel McCranie at sfmlat_private wrote: > > 3,4,5: I know that this probably wouldn't be good in a standard > > distro but what about a hardening kit? Has this been tried before? > > Is there something blatantly wrong? > > Some systems, like FreeBSD, set immutable flags for all setuid program > by default. However this doesn't give you extra security cause the > system runs in insecure mode after installation is finished (I don't > recall FreeBSD provides secure-level options during installation). It does, since 4.2-RELEASE. It lets you configure the 'security profile' of the installed/upgraded system, with four choices: Low, Medium, High and Extreme. Among other things (inetd/sendmail/portmap/NFS/sshd), the security profile sets the securelevel. G'luck, Peter -- "yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 09:42:48 PDT