
Re: Secure 2.4.x kernel



making the disks readonly is not trivial ...
lots of work to make it readonly.. a fun project ...

Not really. Nothing should write anywhere except /var and /tmp (did I miss any?). Also, if you have users, then /home.

In particular, if it is in $PATH, make it read-only. Many root kits trojan system binaries, and will fail on read-only media.

By using ramdisks, you can easily make the entire file-system read-only; you need only hit reset to restore.


	o apt-get remove gcc

I'd remove make, tar and perl

Won't removing tar break dpkg? And many other things? Same with perl?

And without tar, how to do backups...


it's fun to see installed new root kits that couldn't finish their
tasks 'cause gcc and tar etc. are missing...
	- never did understand why the rootkit didn't come with
	its own pre-compiled binaries ...


They would have to be statically linked to have a chance of working, and then the root kit would be several megs per executable larger.

and, most important:
	o apt-get update && apt-get upgrade

that assumes that security.debian.org is listed in sources.list
( *sorry* just had to add the comment.. :-)

I've never understood why it isn't always by default.


for simplicity... one can start here
http://www.debian.org/doc/manuals/securing-debian-howto/

Yep.
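
One way to check the advice above that everything in $PATH sit on read-only media, as an added example that is not part of the original message: it maps each $PATH directory to the filesystem holding it and lists the ones still mounted read-write. The function names, the mount table and the PATH value are constructed for illustration; on a live system the inputs would be the contents of /proc/mounts and the real $PATH.

```python
import os

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 ro 0 0
proc /proc proc rw 0 0
/dev/hda5 /usr ext2 ro,nodev 0 0
/dev/hda6 /usr/local ext2 rw,nodev 0 0
/dev/ram0 /tmp ext2 rw,nosuid,nodev 0 0
/dev/hda7 /var ext2 rw,nosuid,nodev 0 0
"""
SAMPLE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

def parse_mounts(text):
    """Return [(mount_point, is_read_only)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes a space inside a path as the octal sequence \040.
        mount_point = fields[1].replace("\\040", " ")
        mounts.append((mount_point, "ro" in fields[3].split(",")))
    return mounts

def mount_for(path, mounts):
    """Find the mount holding path: longest mount-point prefix, later entries win ties."""
    path = os.path.normpath(path)  # on a live system use os.path.realpath to follow symlinks
    best = None
    for mount_point, read_only in mounts:
        mp = mount_point.rstrip("/") or "/"
        if mp == "/" or path == mp or path.startswith(mp + "/"):
            if best is None or len(mp) >= len(best[0]):
                best = (mp, read_only)
    return best

def writable_path_dirs(path_var, mounts):
    """List (directory, mount_point) for $PATH entries that are not on a read-only mount."""
    findings = []
    for d in path_var.split(":"):
        if not os.path.isabs(d):
            findings.append((d or ".", None))  # empty or relative entry resolves to the current directory
            continue
        m = mount_for(d, mounts)
        if m is None or not m[1]:
            findings.append((d, m[0] if m else None))
    return findings

if __name__ == "__main__":
    for d, mp in writable_path_dirs(SAMPLE_PATH, parse_mounts(SAMPLE_MOUNTS)):
        print(f"writable: {d} (mount: {mp})")
```

With the constructed table, only the two /usr/local entries are reported, because /usr/local is a separate read-write mount nested under the read-only /usr.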


