[nycbug-talk] A couple of security related questions

Marc Spitzer mspitze1
Mon Oct 4 22:11:10 EDT 2004


On Mon, 04 Oct 2004 14:09:17 -0400 (EDT)
Dru <dlavigne6 at sympatico.ca> wrote:

> 
> 
> On Mon, 4 Oct 2004, Steve Rieger wrote:
> 
> >>
> >>
> >> On Mon, 4 Oct 2004, Steve Rieger wrote:
> >>
> >>> Is it possible to disable root access except from console logins,
> >>> Do you guys recommend putting rcs on /etc and /sbin etc...
> >>
> >>
> >> I think you're looking for "man 5 login.access". Michael Lucas
> >> wrote a bit about it here:
> >>
> >> http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html
> >>
> >> It's also in hack #34 of BSD Hacks ;-)
> >>
> >> I'm not sure what you're asking about with "rcs"... Are you
> >> referring to some sort of tripwire database or tightening up
> >> permissions?
> >> Dru
> >>
> > With rcs, I want that in order for anybody to be able to change any
> > file or settings in /etc and the sbin's they would have to check it
> > out with rcs first.
> >
> > I just want to know if this is advisable or is there a better way to
> > create a backup copy every time somebody wants to make any change in
> > the /etc and sbin's
> 
> 
> That's a cool idea. Anyone either implementing this or seen it
> implemented out in the wild?

There is one problem with it though (I know I am entirely too good at
finding problems): everybody has to be good all the time or your system
does not work. An alternative is to either tar up /etc every night or
run a batch job with your favorite VC (rcs, cvs, arch, ...) software as a
cron job. After all, if it broke on Tuesday and you can see all changes
between Tuesday 1:30 am and now, it should be pretty easy to fix or roll
back. And you do not have to remember to be good all the time.

marc 

> 
> Dru
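The nightly snapshot approach suggested in the reply above, with a diff between any two snapshots to see what changed, could look like this. It is an added example, not code from the thread; the snapshot directory, function names and crontab line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): nightly snapshot of a config tree
# plus a report of what changed between two snapshots.
# SRC_DIR and SNAP_DIR are assumed paths; override them in the environment.
SRC_DIR="${SRC_DIR:-/etc}"
SNAP_DIR="${SNAP_DIR:-/var/backups/etc-snapshots}"

# snapshot [label]: write $SNAP_DIR/<label>.tar.gz and print its path.
snapshot() {
    label="${1:-$(date +%Y%m%d-%H%M%S)}"
    umask 077                      # /etc holds secrets; keep archives private
    mkdir -p "$SNAP_DIR" || return 1
    out="$SNAP_DIR/$label.tar.gz"
    # -C stores relative paths so an archive can be unpacked anywhere
    tar -czf "$out" -C "$SRC_DIR" . || return 1
    printf '%s\n' "$out"
}

# changes OLD.tar.gz NEW.tar.gz: unified diff of the two trees.
# Exit status follows diff: 0 = identical, 1 = differences, 2 = error.
changes() {
    work=$(mktemp -d) || return 2
    mkdir "$work/old" "$work/new"
    tar -xzf "$1" -C "$work/old" && tar -xzf "$2" -C "$work/new" || {
        rm -rf "$work"
        return 2
    }
    rc=0
    (cd "$work" && diff -ruN old new) || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Root crontab entry for 01:30 every night (install path is an assumption):
# 30 1 * * * . /usr/local/libexec/etc-snapshot.sh && snapshot >/dev/null
```

Keep the snapshot directory outside the tree being archived and readable only by root, since the archives contain the same secrets as /etc.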