From owner-FreeBSD-users-jp@jp.freebsd.org  Sat Feb  6 04:35:32 1999
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) id EAA07285;
	Sat, 6 Feb 1999 04:35:32 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from nazuna.bres.tsukuba.ac.jp (nazuna.bres.tsukuba.ac.jp [130.158.220.1])
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) with ESMTP id EAA07271
	for <FreeBSD-users-jp@jp.freebsd.org>; Sat, 6 Feb 1999 04:35:30 +0900 (JST)
	(envelope-from yohta@bres.tsukuba.ac.jp)
Received: by nazuna.bres.tsukuba.ac.jp (8.9.0/3.7W-981018) id EAA17847;
	Sat, 6 Feb 1999 04:35:26 +0900 (JST)
Date: Sat, 6 Feb 1999 04:35:26 +0900 (JST)
Message-Id: <199902051935.EAA17847@nazuna.bres.tsukuba.ac.jp>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: Your message of "Sat, 6 Feb 1999 02:12:00 +0900 (JST)".
	<199902051712.CAA23072@ue.ipc.hiroshima-u.ac.jp>
From: yohta@bres.tsukuba.ac.jp (Yoshihiko OHTA)
X-Mailer: mnews [version 1.21PL4] 1998-06/01(Mon)
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+981115
X-Sequence: FreeBSD-users-jp 38445
Subject: [FreeBSD-users-jp 38445] Re: FreeBSD security HOW-TO
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: yohta@bres.tsukuba.ac.jp

 This is Ohta at the University of Tsukuba.
  The original text seems to be unreadable at the moment, so some of this is vague.

At about 02:12:00 on 1999-02-06 (Sat), taka@windows.squares.net wrote:

> I had been translating, bit by bit, the FreeBSD security document
> http://www.freebsd.org/%7Ejkb/howto.html
> that was introduced in the FreeBSD Really-Quick(TM) newsletter,
> but I have become hopelessly stuck.

  I read through various parts and found it useful, so I have written out
the places where I thought "isn't it something like this?". Some parts are
translated quite freely, so I am posting this to the ML.


> Talk about locking down /etc/rc* and friends for securelevel -
> mentioned many times by Robert Watson on freebsd-security

/etc/rc* $B$r0BA4$K$9$k$3$H$H!"(Bfreebsd-security $B$G(B Robert Watson 
$B$,:F;08@5Z$7$F$$$k(B securelevel $B4XO"$K$D$$$FOC$9!#(B
# /etc/rc* $B$K4X$7$F$b(B Robert Watson $B$,8@5Z$7$F$$$k$N$+$I$&$+$O!"(B
# $B%m%0$r8!:w$7$J$$$H$o$+$i$J$$$G$9!D!D!#(B


> Finger $B%5!<%S%9$O=i4|@_Dj$G$b0BA4$K$J$k$h$&@_Dj$5$l$F$$$^$9(B 

finger $B$@$H;W$$$^$9!#(B


> This makes it take a log if it tries to connect to a port on which your
> server does not provide a service.

...if a connection is attempted?


> While some argue that it is not as perfect as it could be, it
> will do the job most of the time to stop your average "script
> kiddiez".  

Some of the arguments are not as perfect as they could possibly be, but
it should be enough to stop the average "script kiddies" around you.


> $B$7$+$7(B IMHO

jargon $B$G$9$M!#(BIn My Humble Opinion $B$NN,$_$?$$$G$9!#;d8+$G$9$,!)(B


> It should be noted however that file /boot.config can be used to
> change kernel used at system boot-up.

$B$7$+$7(B /boot.config $B%U%!%$%k$O5/F0;~$K;HMQ$9$k%+!<%M%k$rJQ99$G$-(B
$B$k$H$$$&$3$H$rCm5-$7$F$*$/$Y$-$G$7$g$&!#(B


> But back to locking down your system.

But let's get back to the subject of protecting your system.


> At this point you should have your system reasonably locked down
> with very few services running, filesystems mounted the way they
> should and with appropriate kernel securelevel.

With this, your system should now be properly protected: only very few
services are running, the filesystems are mounted the way they should be,
and it is running at an appropriate kernel security level.


> -- and you don't want more then what you have already, trust me.

I don't understand this one... Is "then" a typo for "than"?  If so, would it
be "-- if you don't want more than your current state, trust me"?
But that still doesn't really work as Japanese...


> if you installed your system from a CD-Rom, chances are that by
> the time the code was frozen to the time you got your CD in the
> mail, some bugs were discovered. 

  If you installed your system from a CD-ROM, some bugs may have been
discovered after the code on the CD you received in the mail was
finalized.


> http://www.nothing-going-on.demon.co.uk/FreeBSD/make-world/make-world.html

$B$3$l$O(B http://www.rr.iij4u.or.jp/~bishop/FreeBSD/mw.html $B$KF|K\(B
$B8lLu$,$"$j$^$9$M!#(BMAEKAWA Masahide $B$5$s$K46<U$G$9!#(B


> Also, the copyright of the original is
> >1995-1998 FreeBSD Inc. All rights reserved
> and
> I am also quoting content from jpman;
> would there be any problem with publishing it?

  BSD copyright $B$K$7$F$*$1$P$$$$$s$8$c$J$$$G$7$g$&$+!"$?$V$s!#(B


> # I feel like I'll be told something like "No, because the design looks dodgy"

  It might be a little, well, you know :-)
--
$BB@EDK'I'(B(Yoshihiko Ohta)  $BC^GHBg3X!!%P%$%*%7%9%F%`8&5f2J(B
E-mail: yohta@bres.tsukuba.ac.jp / s973637@ipe.tsukuba.ac.jp(PostPet)
