[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Fcheck
- Subject: Re: [cobalt-security] Fcheck
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 12 Oct 2001 21:27:56 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi James,
> Any one using FCheck on their server care to share info on which
> directories to scan. I have
>
> Directory = /usr/
That's what I usually use as part of the Raqport & Solarspeed security
package:
Directory = /usr/
Directory = /bin/
Directory = /lib/
Directory = /root/
Directory = /boot/
Directory = /sbin/
Directory = /etc/rc.d/
Directory = /tmp/
#Directory = /opt/ # Remove comment for RaQ4
Exclusion = /root/.mc/
Exclusion = /usr/local/etc/
Exclusion = /usr/local/man/
Exclusion = /usr/local/majordomo/
#Exclusion = /usr/local/psionic/ # uncomment if directory present
#Exclusion = /usr/local/demarc/ # uncomment if directory present
Exclusion = /usr/admserv/
Exclusion = /usr/admserv/html/.cobalt/
Exclusion = /usr/X11R6/man/
Exclusion = /usr/lib/perl5/man/
Exclusion = /usr/man/
That pretty much covers the system binaries and startscripts. It leaves some
important configuration files for the daemons (inetd, bind, ssh) unprotected,
though.
--
With best regards,
Michael Stauber
SOLARSPEED.NET