Security in OpenBSD

Security in OpenBSD

Post by Victo » Sat, 25 Mar 2000 04:00:00



I am trying to secure my OpenBSD box a little tighter then it is now. One of
the things that bother me is that I don't know of any tool taht can be used
to view the information in the logs for ipnat/ipf. There are like 5 logs
(some are automatically gziped even). How are these logs generated (are they
rotated on size or time?) and how do you use them? Is there a tool that
parses them and shows what's going on or do I just have to duke it out and
look through the lines every time. What do people generally do?

I understand that OpenBSD comes secured out of the box. But generally (I
guess there a lot of prefessionals here who use OpenBSD to it's limits) what
else should/can be done?

Thanks

 
 
 

Security in OpenBSD

Post by Chris » Sat, 25 Mar 2000 04:00:00



Quote:> I am trying to secure my OpenBSD box a little tighter then it is now. One
of
> the things that bother me is that I don't know of any tool taht can be
used
> to view the information in the logs for ipnat/ipf. There are like 5 logs
> (some are automatically gziped even).

I guess 1 way is to "gunzip" them and "cat"

Quote:> How are these logs generated (are they
> rotated on size or time?) and how do you use them?

check the "/etc/syslog.conf" or "/etc/newsyslog.conf"

and

"man syslogd" or "man newsyslog" to detail informations

CH

Is there a tool that

Quote:> parses them and shows what's going on or do I just have to duke it out and
> look through the lines every time. What do people generally do?

> I understand that OpenBSD comes secured out of the box. But generally (I
> guess there a lot of prefessionals here who use OpenBSD to it's limits)
what
> else should/can be done?

> Thanks


 
 
 

1. Security from outside call-ins

I am on a Sun 3/260 running SunOS3.5.  Plugged into Serial Port A
I have a Microcom AX/2400 modem.  Some of the users at my site are
so dedicated that they actually want to be able to do some work
while they are home by way of calling in on their modems! (Can
you believe it?)  

Here's the question:  They (the users) have told me of other
systems they have been on (I believe Vax's) where they were
prompted to enter a system password before they were even asked for
thier own.  This could be some cryptic type of combination of
letters and numbers, making it almost impossible for the average
hacker to break. Anyone have ideas on how I could incorporate this
into my passwd file, but only having it prompt those who are dialing
in on the modem?  This could get to be a real pain if they had to
respond to another password everytime they logged in from a work-
station here at work.  

Then, once the caller successfully types in the system password,
they would still have to enter their own password.  Is such a
thing possible?  Thanks.
--
------------------------------------------------------------------
Don Cox :=)
UUCP: ..!rutgers!rochester!kodak!fedsys!scotty!dec
DISCLAIMER: The opinions expressed are mine and not of my employer.

2. How to allow FTP in but not telnet in?

3. OpenBSD Security Advisory: BSD I/O Signals

4. News statistics ?

5. Yellow Pee in OpenBSD-Only Network and Security

6. Signal behavior from 5.5.1 to 5.6

7. OpenBSD Security Advisory: BSD I/O SIgnals

8. Mitsumi LU005 update

9. what security level is openbsd?

10. OpenBSD Nat security

11. OpenBSD's security rating in the Orange Book classification system.

12. security of OpenBSD vs Linux distros

13. applying security patches to OpenBSD 3.0 ( i r dumb)