
Re: secure installation



Quoting Russ Allbery (rra@debian.org):
> Celejar <celejar@gmail.com> writes:
> 
> > Just curious; anyone can forget a user account, but how did the
> > attacker get root?
> 
> There are a *lot* more privilege escalation attacks than there are remote
> exploits.  Just in the Linux kernel, a new one seems to show up every six
> months or so.

Moen's First Law of Security ("It's easier to break in from the inside.")
http://linuxmafia.com/~rick/lexicon.html#moenslaw-security1

It's always worthwhile to audit one's system (on an _ongoing_ basis, as
Russ suggests) for local weaknesses that allow privilege escalation,
and especially for the ones that make it _easy_.

It's a fact that most people's machines are cracked by canned 'sploits 
run via automated scripts by kiddies who don't even understand their
tools -- which is a pretty ignominious thing to happen.  Don't let it
happen to you.

And this is _another_ reason why a properly targeted file-based IDS is 
a really capital idea -- as is alertness about what is and is not
aberrant system behaviour.  I can even make this point in a
Debian-relevant way.  All hail to the Debian Project's sysadmins, who 
in November 2003 showed everyone how to do it right:  
http://linuxgazette.net/issue98/moen.html

-- 
Cheers,                English is essentially a text parser's way of getting 
Rick Moen              faster processors built.
rick@linuxmafia.com    -- John M. Ford, http://ccil.org/~cowan/essential.html


