Re: [PATCH] Tighten /etc/crontab permissions

On Thu, 12 Aug 2004, Xin LI wrote:

> I think I would want to compromise at this point ;)  In addition of this,
> personally I suggest the following changes to be made:
>
> 	- Provide an option in sysinstall so users will be instructed
> 	  to choose whether to ``lockdown'' their systems as soon as
> 	  the configuration is completed.  Also, include this utility
> 	  in the installation disc.
> 	- Add a new security audit script which will tell admins that
> 	  the permission of "watched" configurations was altered.
> 	  This might be turned off by default, or even a depency port
> 	  of lockdown, to provide a mechanism to detect potential
> 	  break-ins earlier, and to notice users when something like
> 	  mergemaster or manual etc/ upgrades has reverted the
> 	  permissions.
>
> What do you think about this?  Actually the FreeBSD Simplified Chinese
> project is recently coordinating an effort of making an Internationalized
> FreeBSD Installer, I think we will try to implement these
> things if they looks better.

Those sound like good goals, I wish you great luck with them. :)

Doug

-- 

     This .signature sanitized for your protection

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"