[nycbug-talk] A couple of security related questions

Brad Schonhorst bschonhorst
Tue Oct 5 09:39:39 EDT 2004

On Oct 4, 2004, at 2:09 PM, Dru wrote:

> On Mon, 4 Oct 2004, Steve Rieger wrote:
>>> On Mon, 4 Oct 2004, Steve Rieger wrote:
>>>> Is it possible to disable root access except from console logins,
>>>> Do you guys recommend putting rcs on /etc and /sbin etc...
>>> I think you're looking for "man 5 login.access". Michael Lucas wrote 
>>> a bit
>>> about it here:
>>> http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html
>>> It's also in hack #34 of BSD Hacks ;-)
>>> I'm not sure what you're asking about with "rcs"... Are you 
>>> referring to
>>> some sort of tripwire database or tightening up permissions?
>>> Dru
>> With rcs, I want that in order for anybody to be able change any file 
>> or
>> settings in /etc/and the sbin's they would have to check it out with 
>> rcs
>> first.
>> I just want to know if this is advisable or is there a better way ti 
>> create
>> a backup copy everytime somebody wants to make any change in the /etc 
>> and
>> sbin's
> That's a cool idea. Anyone either implementing this or seen it 
> implemented out in the wild?

I set something similar up at an ISP I worked for.  We used CVS to 
manage changes made to all configuration files dealing with web 
hosting.  So when a customer added features to their hosting package, 
say they wanted a static IP, a script would be run that would update 
the files and check it back in to CVS.  Before I left, we had planned 
to managed our DNS servers in a similar fashion.  Made for an excellent 
way to track changes or any typos that might pop up.



Brad Schonhorst
Network Administrator
Village Community School

More information about the talk mailing list