FreeBSD Bugzilla – Attachment 31832 Details for
Bug 52878
[PATCH] security(7): small clarification on securing staff accounts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 3.06 KB, created by
Brian Minard
on 2003-06-03 02:40:07 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Brian Minard
Created:
2003-06-03 02:40:07 UTC
Size:
3.06 KB
patch
obsolete
>--- security.7 Wed May 28 19:24:13 2003 >+++ security.7 Wed May 28 19:38:18 2003 >@@ -40,9 +40,9 @@ > (see > .Xr chflags 1 ) > on every system binary because while this may temporarily protect the >-binaries, it prevents a hacker who has broken in from making an >+binaries, it prevents a cracker who has broken in from making an > easily detectable change that may result in your security mechanisms not >-detecting the hacker at all. >+detecting the cracker at all. > .Pp > System security also pertains to dealing with various forms of attack, > including attacks that attempt to crash or otherwise make a system unusable >@@ -103,10 +103,10 @@ > user's account. If an attacker has found a way to break root on a machine, > the attacker may not have a need to install a backdoor. > Many of the root holes found and closed to date involve a considerable amount >-of work by the hacker to cleanup after himself, so most hackers do install >-backdoors. This gives you a convenient way to detect the hacker. Making >-it impossible for a hacker to install a backdoor may actually be detrimental >-to your security because it will not close off the hole the hacker found to >+of work by the cracker to cleanup after himself, so most crackers do install >+backdoors. This gives you a convenient way to detect the cracker. Making >+it impossible for a cracker to install a backdoor may actually be detrimental >+to your security because it will not close off the hole the cracker found to > break in the first place. > .Pp > Security remedies should always be implemented with a multi-layered >@@ -378,7 +378,7 @@ > way to look for modified files is from another (often centralized) > limited-access system. > Writing your security scripts on the extra-secure limited-access system >-makes them mostly invisible to potential hackers, and this is important. >+makes them mostly invisible to potential crackers, and this is important. > In order to take maximum advantage you generally have to give the > limited-access box significant access to the other machines in the business, > usually either by doing a read-only NFS export of the other machines to the >@@ -466,7 +466,7 @@ > thought. Even more importantly, a security administrator should mix it up > a bit - if you use recommendations such as those given by this manual > page verbatim, you give away your methodologies to the prospective >-hacker who also has access to this manual page. >+cracker who also has access to this manual page. > .Sh SPECIAL SECTION ON D.O.S. ATTACKS > This section covers Denial of Service attacks. A DOS attack is typically > a packet attack. While there isn't much you can do about modern spoofed >@@ -633,7 +633,7 @@ > keys that give you access to the rest of the system, and you ssh to an > unsecure machine, your keys becomes exposed. The actual keys themselves are > not exposed, but ssh installs a forwarding port for the duration of your >-login and if a hacker has broken root on the unsecure machine he can utilize >+login and if a cracker has broken root on the unsecure machine he can utilize > that port to use your keys to gain access to any other machine that your > keys unlock. > .Pp
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=31832">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 52878
:
31831
| 31832 |
31833