On Sat May 8 2004 17:50, Roy Souther wrote: > I just wrote up this html file called ServerDefender that talks about > how to protect your server if someone gets into it. Let me know what you > think. > > http://llug.linux.ab.ca/Projects/ServerDefender/ServerDefender.html > > Roy Souther > www.SiliconTao.com > > Changing the way people do business.
An OK quick-and-dirty layer on top of normal chroot jailing (which should be done anyway). Ideally, this should kind of hardened implementation should be done instead using mandatory ACLs and security policy frameworks such as SELinux provides. However, those can require quite a bit of overhead to modify or develop. Some of the things that this misses out on protecting is the running, available services (including the kernel) by using protections against stack smashing and buffer overflows, etc. But all-in-all, if you want a quick-and-dirty lock-down, this would do it. My thoughts, Curtis _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
