Re: protecting against buffer overflow.
Thanks, I will add that line.
This box only acts as a firewall and access for my home network, so
there isn't much on it. I'm just considering the idea of editing the
pertinent scripts to accomplish that and was wondering if some tried but
found the task too daunting.
I guess for backdoors it's really just the current daemons I run right?
I rebuilt my modules and checked the daemons timestamps.
What's a good piece of software to monitor for system accesses?
Something that could send an e-mail the minute it happened would be
great. I'd still like to have ssh access from the Internet. I could
handle being notified everytime I "tripped" the software from outside
since it doesn't happen often.
Should I report the IP to RBL or something like that?
Russell
On Sat, 2001-09-15 at 13:17, Alberto Gonzalez Iniesta wrote:
> On Sat, Sep 15, 2001 at 12:51:26PM -0400, Russell Speed wrote:
> > Should I remove /bin/sh for something less obvious as a general
> > protection from buffer overflows?
> >
>
> Most shell scripts running on your server call #!/bin/sh, so
> removing it will get you in lots of trouble ;-)
> Just try:
> $ grep "\/bin\/sh" /etc/init.d/*
>
> If your software is up-to-date buffer overflows shouldn't be a problem.
> If you're running Potato, make sure you've this line in
> /etc/apt/sources.list:
>
> deb http://security.debian.org stable/updates main contrib non-free
>
> And keep it updated & upgraded
>
> Also, if you think your machine was compromised, check for backdoors,
> modified binaries, etc... Changing passwords may not be enough
>
> --
> Alberto Gonzalez Iniesta
> agi@agi.as
>
> Give Me Liberty or Give Me Death (Patrick Henry)
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: