Re: Server hacked - next...?

To: "Jason Lim" <maillist@jasonlim.com>, <debian-isp@lists.debian.org>
Subject: Re: Server hacked - next...?
From: Russell Coker <russell@coker.com.au>
Date: Tue, 1 Jul 2003 13:02:59 +1000
Message-id: <[🔎] 200307011302.59862.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <001301c33f75$761fe0b0$0800a8c0@SYSTEM8>
References: <Pine.LNX.4.43.0306290156100.10730-100000@blackhole.quasar.net> <20030629104805.GE14343@sjefen.linux.cxm> <001301c33f75$761fe0b0$0800a8c0@SYSTEM8>

On Tue, 1 Jul 2003 12:07, Jason Lim wrote:
> > Mount /tmp with noexec
> > Run a hardened kernel like NSA or Grsecurity.
> > etc.
>
> What would the advantage of mounting /tmp with noexec be??

If you have /tmp, /var/tmp, /home, and any other place the user can possibly 
write to be noexec then it is more difficult for them to increase their 
access.

It won't stop them, but it will make things more difficult.

> Definitely looking into running a hardend kernel now... especially after
> all this crap. Only thing that's been holding me back is the amount of
> work it would entail.....

It's not that difficult.  The SE Linux sourceforge project has some docs on 
installing it.  For Debian it's reasonably easy, the only difficult parts are 
compiling a new kernel with support, and writing any necessary policy.

The #selinux IRC channel on irc.debian.org can be used for advice.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Prev by Date: Re: [Urgent] Samba problem
Next by Date: Re: Server hacked - next...?
Previous by thread: Re: Server hacked - next...?
Next by thread: Re: Server hacked - next...?
Index(es):
- Date
- Thread