Security process

Aggelos Economopoulos aoiko at cc.ece.ntua.gr
Mon Mar 8 13:05:59 PST 2010


Walter wrote:
> I got curious about BSD (DragonFly, specifically) security and
> wondered why there wasn't a security process that processed all
> security-relevant error messages which could then be used to
> block IPs, disable user accounts, and kill processes.

Because
a) such a mechanism could be used for DoS attacks on the system itself
b) whether an error message is "security-relevant" is not something one
can decide with a trivial heuristic
c) most network services are 3rd-party software that we have no control over
d)...

> At least
> it'd be a step to automating *some* obvious security measures
> rather than requiring root action.  Things like repeated login-
> in failures from external (as in China) IPs.  Anyone?

"External" to what? FYI people in China are potential users of
DragonFlyBSD (or indeed any free software project) as much as those in
any other country. Some have even been known to be important developers...

Aggelos





More information about the Users mailing list