Re: harden-debian script?
Just how would "chmod go-r /etc/bind/*" imply that I "only want to protect
from script kiddies and neglect other attackers?" If an attacker manages
to get shell on my firewall, I don't want to just hand him a map of my
internal network. I'll force him to sniff (an activity I'll likely notice
and stop).
Why all the philisophical rhetoric?
- Scott
>
> But what actually does it give you? It protects you from cracker-wannabies
> who see that if there is an 'X' line in your /etc/inetd.conf, then it's time
> to run exploit 'Y'.
> This gives you a false sense of security, unless you only want to protect
> from script-kiddies while neglecting other attackers. But since you say this
> is to be 'one step in a larger security plan', then I really don't
> understand what it gives.
>
> regards
>
> Marcin
> --
> +--------------------------------+ The reason we come up with new versions
> |Marcin Owsiany | is not to fix bugs. It's the stupidest
> |porridge@pandora.info.bielsko.pl| reason to buy a new version
> +--------------------------------+ I ever heard. - Bill Gates
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: