Operating Systems BSD Borrowing a bit of experience -- hardening FreeBSD -- Post 302900608 by MadeInGermany on Wednesday 7th of May 2014 06:39:09 PM
Just seeing this post.
Besides remote scanners like nmap you perhaps can run the following script.
Code:
#!/bin/sh
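# This script detects world-writable files and directories that can make the OS unsafe.
# It lists them as shell commands that would apply the fixes. (Pipe the output to sh to execute them!)
# Paths are printed unquoted: review the output before piping it to sh.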

# No wildcard globbing
set -f

# Safe PATH
export PATH
PATH=/bin:/usr/bin:/usr/sbin:/sbin

# Get "mtab"
# Seems like a hack but is more portable than df
#
for mtab in /etc/mnttab /etc/mtab /proc/mounts
do
  [ -f $mtab ] && break
done
if [ ! -f $mtab ]
then
  echo "UNKNOWN: no $mtab"
  exit 3
fi

# Knowing that / is the first mounted OS disk,
# get all disks of the same type from mtab
#
awk '$2=="/" {type=$3} $3==type {print $2}' $mtab |
# and process each disk
while read mdir
do
 # only consider directories that belong to a Unix OS
 case $mdir/ in
 //|/tmp/*|/var/*|/usr/*|/opt/*|/etc/*|/dev/*|/stand/*|/boot/*)
  # List world-writable files and directories together with a command that restricts it.
  # Assume that a directory ending with /tmp is a temporary directory: do not descend and set the t bit.
  find "$mdir" -xdev \( -type f -o -type d \! -perm -1000 \) -perm -2 \( -type d -name tmp -prune -exec echo chmod +t {} \; -o -exec echo chmod o-w {} \; \) -o -type d -name tmp -prune
 ;;
 esac
done

I don't have a BSD system, so am interested if it runs at all...
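
The same "print the fixes, review, then pipe to sh" workflow, as an added example that is not part of the original post: each path is single-quoted, so a file name containing spaces, quotes or shell metacharacters cannot alter the emitted command. It assumes the directories to scan are passed as arguments instead of being read from a mount table; `emit_fixes` is a hypothetical name.

```sh
#!/bin/sh
# Added example, not the poster's script. emit_fixes is a hypothetical name.
# Prints one chmod command per world-writable file or non-sticky directory
# under the given directory, with the path single-quoted for sh.
emit_fixes() {
  find "$1" -xdev \
    \( -type d -name tmp -prune -o -type f -o -type d \) \
    -perm -2 \! \( -type d -perm -1000 \) \
    -exec sh -c '
      sq=$(printf "\047")        # a literal single quote character
      for p do
        # Escape embedded quotes; the trailing x protects final newlines.
        q=$(printf "%sx" "$p" | sed "s/$sq/$sq\\\\$sq$sq/g")
        q=${q%x}
        fix="chmod o-w"
        # Same policy as the post: a directory named tmp gets the sticky bit.
        case $p in */tmp) [ -d "$p" ] && fix="chmod +t" ;; esac
        printf "%s -- %s%s%s\n" "$fix" "$sq" "$q" "$sq"
      done' sh {} +
}

# Stand-alone use: sh thisfile DIR...   (review the output, then pipe to sh)
if [ $# -gt 0 ]; then
  for dir do emit_fixes "$dir"; done
fi
```

As in the post's script, directories named tmp are not descended into, and directories that already carry the sticky bit are left alone.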
 
