[233] in linux-security and linux-alert archive


Re: Proposal - Linux security package and howto

daemon@ATHENA.MIT.EDU (Bob Bagwill)
Tue May 16 04:04:25 1995

To: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Fri, 05 May 1995 21:20:52 EDT."
             <Pine.LNX.3.91.950505210744.31573B-100000@bach.cis.temple.edu> 
Date: Mon, 08 May 1995 08:32:40 -0400
From: Bob Bagwill <bagwill@kangaroo.ncsl.nist.gov>

-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset="us-ascii"

Alex [paraphrased] said:
> > anon-ftpd-0.7 - to permit worry-free ftp
> 
> This is not included in FAQ and I'd not recommend this program. We had 
> several reports from companies that were using it that sometimes systems 
> that run anon-ftpd suddenly freeze (SunOS, Solaris, OSF/1, BSD 4.3)

That may be.  In any case, a simpler ftpd would be nice to have.  Users
often set up anonymous FTP wrong, and the wu-ftpd's configurability is
a two-edged sword.

> > rsaref - for pgp
> 
> Please notice that neither pgp nor rsaref can be included in any of the
> Linux distributions due to USA (stupid, IMHO) export/import regulations.
> With a court case against Phil going on right now, no one in their right
> mind would risk it.

That's OK.  Although a physical security package would be nice, a
virtual one consisting of what to get, and how to install it, would
be almost as useful.  Also, we could have a US version on a US machine,
and a non-US version elsewhere, which would be identical except for
the source of the encryption software.

> > skey-2.2 - to login to firewall system
> 
> Included in FAQ. I'm still trying to figure out who has reasonable
> patches to combine skey with shadow. Also, skey is not a login to a
> firewall system - this is just a one time password authenticator.

That's true, but many firewalls seem to be using s/key for their
authenticator for external access.

> > lsof_3.23 - to check for suspicious processes
> Does not work with Linux (yet?).

The version I have seems to work.

> > chrootuid - to chroot WWW daemons
> I'm not familiar with this one unless you mean just chroot.

Chrootuid is a little wrapper you use to invoke the daemons
which do not chroot themselves.  Actually, most can or do,
but you may not trust that they do it correctly.

- --
Bob Bagwill

Bob Bagwill <rbagwill@nist.gov>


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBL64PZy3LE4ASJ+zxAQEvjAIAvDKg/nKjQ7gNBVsElFYj/ed9OOw/TZLH
EKFjNil8nV7facIC94tbO9nURm2j62qSCEKWZkbVFip1fEelDn19EQ==
=O6Tj
-----END PGP SIGNATURE-----
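
The chroot-then-drop-privileges step that a wrapper of the kind described in the message has to get right, as an added example: this is not part of the original message and is not chrootuid's source. The function name `confine`, the return codes and the numeric uid/gid command line are assumptions made for the illustration, and Linux with glibc is assumed.

```c
/* Added illustration of a chroot + setuid wrapper; not chrootuid's code. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum { CONFINE_OK = 0, CONFINE_BAD_ARGS = -1, CONFINE_FAILED = -2 };

/* Enter new_root and permanently become uid/gid (hypothetical helper). */
int confine(const char *new_root, uid_t uid, gid_t gid)
{
    /* Refuse before any syscall: a relative root depends on the caller's
     * cwd, and uid or gid 0 would leave a process able to leave the jail. */
    if (new_root == NULL || new_root[0] != '/' || uid == 0 || gid == 0)
        return CONFINE_BAD_ARGS;

    /* chdir into the jail first, then chroot, then reset cwd to the new
     * "/", so no working directory outside the jail stays reachable. */
    if (chdir(new_root) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return CONFINE_FAILED;

    /* Order matters: supplementary groups and gid must change while we
     * are still root; after setuid() those calls would fail. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return CONFINE_FAILED;

    /* Check the drop is permanent: regaining root must not be possible. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return CONFINE_FAILED;
    return CONFINE_OK;
}

int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s newroot uid gid /path/in/jail [args]\n", argv[0]);
        return 2;
    }
    /* Non-numeric ids parse as 0 and are rejected by confine(). */
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (confine(argv[1], uid, gid) != CONFINE_OK) {
        fprintf(stderr, "refusing to start daemon: confinement failed\n");
        return 1;
    }
    execv(argv[4], &argv[4]);   /* path is resolved inside the new root */
    perror("execv");
    return 1;
}
```

The daemon is only executed once every step has succeeded, so a failed chroot or an incomplete privilege drop stops the launch instead of running the daemon unconfined.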

