>This is NOT what I meant. I explicitly mean that you should go beyond
>simply leaving the machine as shipped and should actively remove
>existing SUID facilities to the extent possible and change all
>persistent system processes to run unprivileged if at all possible. I
>do not merely mean "regulating" SUID facilities. I really mean
>actively yanking them out and replacing them with non-SUID facilities.
>I also mean eliminating openings like world writable utmp files,
>devices, etc.

COPS generates a list of SUID files, one of its more useful features. I am in the process of going through and determining what _needs_ to be run as root, and if it does, if anyone else should have access.

I also have reduced tcp/udp services to a minimum, and any that connect are logged with tcpwrapper. Right now it's only a LAN that can connect via tcp, but we are getting a 56k (ug) connection soon - and it will help to be ready by then.

I know we are getting a Cisco router, and I have a question for anyone - what is the latest version of the router software I need to run to keep fake ICMP packets from reaching my hosts? I believe that this was a somewhat recent upgrade by Cisco, thus the presence of nuke.c or whatever being used to annoy people.

Also, is there a way to block people running FSP without blocking all udp packets or relying on blocking udp to certain ports? I may not be around full-time on this system, so it is conceivable for a user to set up their own fsp server in their home dir and not have me notice it for a few weeks or so.

cc