RE: a weird script worm uploaded via php with debian 3.0 ?
> While I agree with your observation I feel compelled to
> defend his point.
>
> He said mounting /tmp will stop MOST Trojans. While it might
> not stop a trojan planted by a person, it will stop a trojan
> planted by a worm (which is what this thread is about) since
> the author of the worm might not have had the insight to use ld.so.
>
A good solution, not too hard to implement, is to patch your kernel
with grsecurity.
Grsecurity provides a very good level of protection against buffer
overflow attacks.
It randomizes PIDs, it protects chroots, enforces the TCP/IP stack, etc.
Grsecurity is actually a cumulative patch from PaX, some OpenBSD TCP/IP
stuff ported into Linux, Openwall, HAP-Linux.
Btw it is very configurable, and pretty well documented, at
configuration level.
I use it and am very happy with it. If I trust archives from this list,
I am not the only one in this case :-)
http://www.grsecurity.net