Borrowing a bit of experience -- hardening FreeBSD -- Post: 302900608

Sponsored Content

Operating Systems BSD Borrowing a bit of experience -- hardening FreeBSD -- Post 302900608 by MadeInGermany on Wednesday 7th of May 2014 06:39:09 PM

05-07-2014

Registered User

Just seeing this post.
Besides remote scanners like nmap you perhaps can run the following script.

Code:

#!/bin/sh
# This script detects world-wide writable files that can make the OS unsafe.
# It lists them as shell commands that would do fixes. (Pipe it to sh for execution!)

# No wildcard globbing
set -f

# Safe PATH
export PATH
PATH=/bin:/usr/bin:/usr/sbin:/sbin

# Get "mtab"
# Seems like a hack but is better portable than df
#
for mtab in /etc/mnttab /etc/mtab /proc/mounts
do
  [ -f $mtab ] && break
done
if [ ! -f $mtab ]
then
  echo "UNKNOWN: no $mtab"
  exit 3
fi

# Knowing that / is the first mounted OS disk,
# get all disks of the same type from mtab
#
awk '$2=="/" {type=$3} $3==type {print $2}' $mtab |
# and process each disk
while read mdir
do
 # only consider directories that belong to a Unix OS
 case $mdir/ in
 //|/tmp/*|/var/*|/usr/*|/opt/*|/etc/*|/dev/*|/stand/*|/boot/*)
  # List world-writable files and directories together with a command that restricts it.
  # Assume that a directory ending with /tmp is a temporary directory: do not descend and set the t bit.
  find "$mdir" -xdev \( -type f -o -type d \! -perm -1000 \) -perm -2 \( -type d -name tmp -prune -exec echo chmod +t {} \; -o -exec echo chmod o-w {} \; \) -o -type d -name tmp -prune
 ;;
 esac
done

I don't have a BSD system, so am interested if it runs at all...

MadeInGermany

View Public Profile for MadeInGermany

Find all posts by MadeInGermany

6 More Discussions You Might Find Interesting

1. Programming

copying or concatinating string from 1st bit, leaving 0th bit

Hello, If i have 2 strings str1 and str2, i would like to copy/concatenate str2 to str1, from 1st bit leaving the 0th bit. How do i do it?

2. UNIX for Dummies Questions & Answers

I'm looking for a 64-bit Desktop that will run Windows, Linspire, FreeBSD and Solaris

Ok, I've been shopping around and I've seen some nice one's, but they are either too expensive or they are not 64-bit; I want to be prepared for the future at the right price (under $3,000 with a decent configuration)! :D Where can I find a good 64-bit desktop or workstation that will run the...

3. Red Hat

boot the 32 bit kernel on a 64 bit PPC Linux machine?

Hi all, I'm looking to cover a corner case for an upcoming test cycle. Is there a way to boot a RedHat Advanced Server 4 (update 3) installed on a Power PC machine to use a 32 bit kernel? This would be similar to what is done here -> https://www.unix.com/aix/26204-aix-platform.html I've done...

4. UNIX for Advanced & Expert Users

migrating unix mp-ras 32 bit to linux suse 64 bit

Hi. I need to migrate the whole unix environment from a Unix mp-ras 32 bit to a Linux Suse 64 bit. 1) can i use cpio to copy the data? 2) can i just copy the users from unix to linux or do i have to create them by hand 3) are there any other concerns i should worry about? thanx

5. Shell Programming and Scripting

How to handle 64 bit arithmetic operation at 32 bit compiled perl interpreter?H

Hi, Here is the issue. From the program snippet I have Base: 0x1800000000, Size: 0x3FFE7FFFFFFFF which are of 40 and 56 bits. SO I used use bignum to do the math but summing them up I always failed having correct result. perl interpreter info, perl, v5.8.8 built for...

6. Windows & DOS: Issues & Discussions

Which version of Windows Vista to install with a product key? 32-bit or 64-bit?

Hello everyone. I bought a dell laptop (XPS M1330) online which came without a hard drive. There is a Windows Vista Ultimate OEMAct sticker with product key at the bottom case. I checked dell website (here) for this model and it says this model supports both 32 and 64-bit version of Windows...

LEARN ABOUT DEBIAN

qmail-start

qmail-start(8)						      System Manager's Manual						    qmail-start(8)

NAME

       qmail-start - turn on mail delivery

SYNOPSIS

       qmail-start [ defaultdelivery [ logger arg ...  ] ]

DESCRIPTION

       qmail-start  invokes qmail-send, qmail-lspawn, qmail-rspawn, and qmail-clean, under the proper uids and gids.  These four daemons cooperate
       to deliver messages from the queue.

       qmail-start arranges for qmail-send's activity record to be sent to qmail-start's output.  See qmail-log(5) for the format of the  activity
       record.	Other than this, qmail-start does not print anything, even on failure.

       If defaultdelivery is supplied, qmail-start passes it to qmail-lspawn.

       If logger is supplied, qmail-start invokes logger with the given arguments, and feeds qmail-send's activity record through logger.

       Environment variables given to qmail-start will eventually be passed on to qmail-local, so make sure to clean up the environment if you run
       qmail-start manually:

	  # env - PATH="/var/lib/qmail/bin:$PATH"
	  qmail-start ./Mailbox splogger qmail &
	  (all on one line)

       Resource limits, controlling ttys, et al. are also passed from qmail-start to qmail-local.

       Note that qmail-send normally juggles several simultaneous deliveries.  To reduce qmail-send's impact on other programs, you can run qmail-
       start with a low priority.

SEE ALSO

       logger(1), splogger(1), nice(1), qmail-log(5), qmail-local(8), qmail-clean(8), qmail-lspawn(8), qmail-rspawn(8), qmail-send(8)

																    qmail-start(8)