Operating Systems BSD Borrowing a bit of experience -- hardening FreeBSD -- Post 302900608 by MadeInGermany on Wednesday 7th of May 2014 06:39:09 PM
Old 05-07-2014
Just seeing this post.
Besides remote scanners like nmap, you can perhaps run the following script.
Code:
#!/bin/sh
# This script detects world-writable files that can make the OS unsafe.
# It lists them as shell commands that would fix them. (Pipe it to sh for execution!)

# No wildcard globbing
set -f

# Safe PATH
export PATH
PATH=/bin:/usr/bin:/usr/sbin:/sbin

# Get "mtab"
# Seems like a hack but is more portable than df
#
for mtab in /etc/mnttab /etc/mtab /proc/mounts
do
  [ -f $mtab ] && break
done
if [ ! -f $mtab ]
then
  echo "UNKNOWN: no $mtab"
  exit 3
fi

# Knowing that / is the first mounted OS disk,
# get all disks of the same type from mtab
#
awk '$2=="/" {type=$3} $3==type {print $2}' $mtab |
# and process each disk
while read -r mdir
do
 # only consider directories that belong to a Unix OS
 case $mdir/ in
 //|/tmp/*|/var/*|/usr/*|/opt/*|/etc/*|/dev/*|/stand/*|/boot/*)
  # List world-writable files and directories together with a command that restricts it.
  # Assume that a directory ending with /tmp is a temporary directory: do not descend and set the t bit.
  find "$mdir" -xdev \( -type f -o -type d \! -perm -1000 \) -perm -2 \( -type d -name tmp -prune -exec echo chmod +t {} \; -o -exec echo chmod o-w {} \; \) -o -type d -name tmp -prune
 ;;
 esac
done

I don't have a BSD system, so I am interested if it runs at all...
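
Added example, not part of the original post: the script above prints paths unquoted, so a file name containing spaces, quotes or `;` changes the meaning of the generated command once the output is piped to sh. The sketch below keeps the same find selection but single-quotes every path before printing it; the names `emit` and `list_fixes` are hypothetical, and the start directory is assumed to be an absolute path.

```shell
#!/bin/sh
# Added example (not from the original post): same selection logic as the
# script above, but each path is single-quoted before it is printed, so the
# generated commands survive spaces and shell metacharacters in file names.

# Helper run by find for every hit: $1 = chmod mode, $2 = path.
# A ' inside the path is written as '\'' (close quote, escaped quote, reopen).
emit=$(cat <<'EOF'
q=$(printf '%s\n' "$2" | sed "s/'/'\\\\''/g")
printf "chmod %s '%s'\n" "$1" "$q"
EOF
)

# list_fixes DIR: print quoted chmod commands for world-writable files and
# non-sticky world-writable directories under DIR (assumed absolute, as
# mount points are). Directories named tmp get +t and are not descended.
list_fixes() {
  find "$1" -xdev \( -type f -o -type d \! -perm -1000 \) -perm -2 \
    \( -type d -name tmp -prune -exec sh -c "$emit" sh +t {} \; \
       -o -exec sh -c "$emit" sh o-w {} \; \) \
    -o -type d -name tmp -prune
}

# Stand-alone use: ./list_fixes.sh /usr   (review the output before piping it to sh)
if [ $# -gt 0 ]; then
  list_fixes "$1"
fi
```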
 
