[nycbug-talk] BSD Chapter in HLE

Ray Lai nycbug at cyth.net
Fri Sep 15 18:27:18 EDT 2006


On Fri, Sep 15, 2006 at 06:05:41PM -0400, George R. wrote:
> Ray Lai wrote:
> > On Fri, Sep 15, 2006 at 01:58:37PM -0400, George R. wrote:
> >>>  	- /etc/ssh/sshd_config
> >> question of root enabled by default, although I think this has changed
> >> now with obsd.
> > 
> > Nope, still enabled.
> 
> double negative time. . . I don't have a recent obsd box to look at, but
> I am stating that I think that obsd *now* enabled default root access as
> per sshd_conf.. . am I correct or wrong?
> 
> I remember the arguments around this. . .

root has always been enabled in sshd.

> and dru, don't forget your mtree-as-poorman's-tripwire. . . but again,
> found both in linux and the bsds.

Example usage can be found in security(8):

	Check for permission changes in special files and system
	binaries listed in /etc/mtree/special.  security also provides
	hooks for administrators to create their own lists.  These lists
	should be kept in /etc/mtree/ and filenames must have the suffix
	``.secure''.  The following example shows how to create such a
	list, to protect the home directory of user ``bob'':

	    # mtree -cx -p /home/bob -K md5digest,type >/etc/mtree/bob.secure
	    # chown root:wheel /etc/mtree/bob.secure
	    # chmod 600 /etc/mtree/bob.secure

	Note: These checks do not provide complete protection against
	Trojan horsed binaries, as the miscreant can modify the tree
	specification to match the replaced binary.  For details on
	really protecting yourself against modified binaries, see
	mtree(8).

-Ray-
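
The caveat in the security(8) note quoted above, as an added example that is not part of the original message or of OpenBSD's code: a simplified mtree-like listing (not mtree's real spec format) catches a replaced file, stops catching it once the listing on the same host is regenerated, and catches it again when a digest of the listing is pinned somewhere else. The function names, the tab-separated line layout and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def make_spec(root):
    """Simplified listing: 'relpath<TAB>type=...[<TAB>md5digest=...]' per entry."""
    lines = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, root)
        lines.append(f"{rel}\ttype=dir")
        for name in sorted(files):
            with open(os.path.join(dirpath, name), "rb") as f:
                digest = hashlib.md5(f.read()).hexdigest()  # md5digest, as on the page
            entry = os.path.normpath(os.path.join(rel, name))
            lines.append(f"{entry}\ttype=file\tmd5digest={digest}")
    return "\n".join(lines) + "\n"

def changed_entries(root, spec):
    """Paths whose line differs between the stored spec and the tree as it is now."""
    diff = set(spec.splitlines()) ^ set(make_spec(root).splitlines())
    return sorted({line.split("\t")[0] for line in diff})

def spec_pin(spec):
    """SHA-256 of the spec itself, to be kept where the checked host cannot write."""
    return hashlib.sha256(spec.encode()).hexdigest()

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        os.mkdir(os.path.join(root, "bin"))
        tool = os.path.join(root, "bin", "tool")
        with open(tool, "w") as f:
            f.write("original\n")
        spec = make_spec(root)   # baseline listing
        pin = spec_pin(spec)     # recorded off-host at baseline time
        with open(tool, "w") as f:
            f.write("replaced\n")  # file content changes after the baseline
        detected = changed_entries(root, spec)   # intact baseline flags the file
        rewritten = make_spec(root)              # listing altered to match the tree
        missed = changed_entries(root, rewritten)  # nothing flagged any more
        pin_ok = spec_pin(rewritten) == pin        # the pinned digest still disagrees
        return detected, missed, pin_ok

if __name__ == "__main__":
    print(demo())
```

The listing is only as trustworthy as the place it is stored, so the pin (or the listing itself) has to be compared from a location the checked host cannot modify.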


