
Re: [cobalt-security] Fcheck



Hi James,

> Anyone using FCheck on their server care to share info on which
> directories to scan. I have
>
> Directory       = /usr/

That's what I usually use as part of the Raqport & Solarspeed security 
package:

Directory       = /usr/
Directory       = /bin/
Directory       = /lib/
Directory       = /root/
Directory       = /boot/
Directory       = /sbin/
Directory       = /etc/rc.d/
Directory       = /tmp/
#Directory       = /opt/ # Remove comment for RaQ4

Exclusion       = /root/.mc/
Exclusion       = /usr/local/etc/
Exclusion       = /usr/local/man/
Exclusion       = /usr/local/majordomo/
#Exclusion       = /usr/local/psionic/ # uncomment if directory present
#Exclusion       = /usr/local/demarc/ # uncomment if directory present
Exclusion       = /usr/admserv/
Exclusion       = /usr/admserv/html/.cobalt/
Exclusion       = /usr/X11R6/man/
Exclusion       = /usr/lib/perl5/man/
Exclusion       = /usr/man/

That pretty much covers the system binaries and start scripts. It leaves some 
important configuration files for the daemons (inetd, bind, ssh) unprotected, 
though.

-- 

With best regards,

Michael Stauber
SOLARSPEED.NET
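
Added example (not part of the original message and not FCheck's own code): a small Python check that parses Directory/Exclusion lines like the ones above and reports which paths fall outside the monitored set, which makes the gap around the inetd, bind and ssh configuration files visible. It assumes entries ending in "/" cover the whole subtree and that an Exclusion removes everything beneath it; the sample file locations are constructed and are assumptions.

```python
import re

# Directory lines and a subset of the Exclusion lines from the message above.
FCHECK_CFG = """\
Directory       = /usr/
Directory       = /bin/
Directory       = /lib/
Directory       = /root/
Directory       = /boot/
Directory       = /sbin/
Directory       = /etc/rc.d/
Directory       = /tmp/
#Directory       = /opt/ # Remove comment for RaQ4
Exclusion       = /root/.mc/
Exclusion       = /usr/local/etc/
Exclusion       = /usr/admserv/
Exclusion       = /usr/man/
"""
# Constructed sample paths (typical locations assumed; adjust per system).
SAMPLE_PATHS = ["/bin/login", "/etc/rc.d/init.d/httpd", "/etc/inetd.conf",
                "/etc/named.conf", "/etc/ssh/sshd_config", "/usr/admserv/html/index.html"]
ENTRY_RE = re.compile(r"^\s*(Directory|Exclusion)\s*=\s*(\S+)")

def parse_cfg(text):
    """Return (directories, exclusions), ignoring commented-out entries."""
    dirs, excl = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.split("#", 1)[0])  # strip comments first
        if m:
            (dirs if m.group(1) == "Directory" else excl).append(m.group(2))
    return dirs, excl

def _under(path, entry):
    # Assumption: a trailing "/" means the whole subtree; otherwise exact match.
    if entry.endswith("/"):
        return path.startswith(entry)
    return path == entry

def coverage(paths, cfg=FCHECK_CFG):
    """Map each path to True if a Directory covers it and no Exclusion does."""
    dirs, excl = parse_cfg(cfg)
    return {p: any(_under(p, d) for d in dirs)
               and not any(_under(p, e) for e in excl) for p in paths}

if __name__ == "__main__":
    for path, ok in coverage(SAMPLE_PATHS).items():
        print(f"{'monitored  ' if ok else 'UNMONITORED'}  {path}")
```

Paths reported as UNMONITORED are candidates for an additional Directory entry or a separate integrity check.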