[nycbug-talk] A couple of security related questions
Brad Schonhorst
bschonhorst
Tue Oct 5 09:39:39 EDT 2004
On Oct 4, 2004, at 2:09 PM, Dru wrote:
>
>
> On Mon, 4 Oct 2004, Steve Rieger wrote:
>
>>>
>>>
>>> On Mon, 4 Oct 2004, Steve Rieger wrote:
>>>
>>>> Is it possible to disable root access except from console logins,
>>>> Do you guys recommend putting rcs on /etc and /sbin etc...
>>>
>>>
>>> I think you're looking for "man 5 login.access". Michael Lucas wrote
>>> a bit
>>> about it here:
>>>
>>> http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html
>>>
>>> It's also in hack #34 of BSD Hacks ;-)
>>>
>>> I'm not sure what you're asking about with "rcs"... Are you
>>> referring to
>>> some sort of tripwire database or tightening up permissions?
>>>
>>> Dru
>>>
>> With rcs, I want that in order for anybody to be able change any file
>> or
>> settings in /etc/and the sbin's they would have to check it out with
>> rcs
>> first.
>>
>> I just want to know if this is advisable or is there a better way ti
>> create
>> a backup copy everytime somebody wants to make any change in the /etc
>> and
>> sbin's
>
>
> That's a cool idea. Anyone either implementing this or seen it
> implemented out in the wild?
I set something similar up at an ISP I worked for. We used CVS to
manage changes made to all configuration files dealing with web
hosting. So when a customer added features to their hosting package,
say they wanted a static IP, a script would be run that would update
the files and check it back in to CVS. Before I left, we had planned
to managed our DNS servers in a similar fashion. Made for an excellent
way to track changes or any typos that might pop up.
-brad
______________
Brad Schonhorst
Network Administrator
Village Community School
More information about the talk
mailing list