xs@nitric.net wrote:
> 
> A list of the things I tend to do when hardening netbsd are at the end of
> this mail:
> http://mail-index.netbsd.org/tech-security/2002/02/03/0003.html
> 
> I'm working on something that automagically does the permission
> changing flexibly. I'm currently testing and using it with netbsd 1.5.2
> and 1.5.3_ALPHA on some i386 and sparc boxes, it's not finished, but might
> be of interest. http://www.kittenz.org/xs/stuff/nbsec.tar.gz
> "fixup" is the script to look at.
> 
> A similar script is at http://www.htcon.pl/~wojboj/securesystem
> and is by Wojciech Bojdol.
> 

Many thanks, the info in the mailing list thread and scripts are exactly 
what I was looking for. In the Linux world, RedHat have a great guide 
called "Securing and Optimising RedHat Linux", which contains info on 
most of the things you discuss. What would be great is if a definitive 
HOWTO for hardening NetBSD could be put together, and along with the 
scripts, kept in sync with each release. If you don't mind, I'll expand 
out your mailing list post into a rudimentary HOWTO, and stick it up on 
my homepage.

Chris

-- 
chris.wareham@iosystems.co.uk (work)
cwareham@btinternet.com (home)