[nycbug-talk] A couple of security related questions

Steve Rieger steve.rieger
Mon Oct 4 14:43:03 EDT 2004


> 
> 
> On Mon, 4 Oct 2004, Steve Rieger wrote:
> 
>>> 
>>> 
>>> On Mon, 4 Oct 2004, Steve Rieger wrote:
>>> 
>>>> Is it possible to disable root access except from console logins,
>>>> Do you guys recommend putting rcs on /etc and /sbin etc...
>>> 
>>> 
>>> I think you're looking for "man 5 login.access". Michael Lucas wrote a bit
>>> about it here:
>>> 
>>> http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html
>>> 
>>> It's also in hack #34 of BSD Hacks ;-)
>>> 
>>> I'm not sure what you're asking about with "rcs"... Are you referring to
>>> some sort of tripwire database or tightening up permissions?
>>> 
>>> Dru
>>> 
>> With rcs, I want that in order for anybody to be able change any file or
>> settings in /etc/and the sbin's they would have to check it out with rcs
>> first.
>> 
>> I just want to know if this is advisable or is there a better way ti create
>> a backup copy everytime somebody wants to make any change in the /etc and
>> sbin's
> 
> 
> That's a cool idea. Anyone either implementing this or seen it implemented
> out in the wild?
> 
> Dru
> 
I did it a long time ago on solaris, and it worked great, but I wondered if
anybody did this on fbsd,.... Or perhaps you have a better way of ensuring
change management on certain dir's
-- 
Steve Rieger
Ext; 1131
Cell 646-335-8915
DC 173*101254*4






More information about the talk mailing list