Re: have I been rooted?
On Thu, 20 Mar 2003 02:43, debian@computerdatasafe.com.au wrote:
> 2. Install, setup, learn and use some software such as tripwire, that you
> can use to see whether there are unauthorised changes to system files.
Unless you run tripwire from bootable removable media, that doesn't do much
good.
> 3. Consider mounting /usr ro. One way that appeals to me, but I've not
> actually tried it, is to make an ISO of it and mount it on loopback. If you
> can have / ro, so much the better.
If they crack root then they can mount it read-write. If you want it really
read-only then consider using a CD-ROM.
> 4. Make sure that writable partitions are mounted noexec. If someone
> breaks, say Apache as was a possibility a few months ago, you don't want
> them running their cracker kit on your box. Note that this is not perfect,
> '/bin/bash -c "source ./kit"' can still do some damage.
If you install SE Linux then you get much better control over your system.
When Apache can't even see other processes or write to /tmp it makes such
exploits much more difficult.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
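
The mount-option advice in points 3 and 4 of the quoted list can be checked mechanically. The script below is an added example, not part of the original message: it reads text in /proc/mounts format and reports writable filesystems that lack noexec, plus a writable /usr. The function name `audit_mounts`, the finding labels and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options given in /proc/mounts format on stdin.
# Fields per line: device mountpoint fstype options dump pass

# audit_mounts (hypothetical helper) prints one finding per line:
#   EXEC-WRITABLE <mountpoint>   mounted rw without noexec
#   USR-WRITABLE /usr            /usr is a separate mount and is rw
audit_mounts() {
    awk '
    # Skip kernel pseudo-filesystems that hold no on-disk files.
    $3 == "proc" || $3 == "sysfs" || $3 == "devpts" { next }
    {
        n = split($4, opts, ",")
        rw = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opts[i] == "rw")     rw = 1
            if (opts[i] == "noexec") noexec = 1
        }
        if (rw && !noexec)       print "EXEC-WRITABLE " $2
        if ($2 == "/usr" && rw)  print "USR-WRITABLE /usr"
    }'
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/hda5 /usr ext3 ro 0 0
/dev/hda6 /var ext3 rw,nosuid,nodev 0 0
/dev/hda7 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/hda8 /home ext3 rw,noexec 0 0
EOF
}

# Run against the sample; on a live system use: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

This reports the current mount state only. As the reply points out, someone who has root can remount a filesystem read-write, so a clean report is not proof of integrity.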