Re: How efficient is mounting /usr ro?
Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: A read-only /usr is not a security measure. Depends on your definition og it-security. It reduces downtime, prevents some admin and software failures and therefore is a security measure. I think, you mean safety, not security. Safety (eng.) = Sicherheit (german) Security (eng) = Sicherheit (german) :-) regards, yasar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
On Fri, Oct 17, 2003 at 11:01:27AM +0200, Yasar Arman wrote:
Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
A read-only /usr is not a security measure.
Depends on your definition og it-security. It reduces downtime, prevents
some admin and software failures and therefore is a security measure.
I think,
you mean safety, not security.
Safety (eng.) = Sicherheit (german)
Security (eng) = Sicherheit (german)
we have the same problem with english.
$ dict security
2 definitions found
From Webster's Revised Unabridged Dictionary (1913) [web1913]:
Security \Se*curi*ty\, n.; pl. {Securities}. [L. securitas: cf.
F. s['e]curit['e]. See {Secure}, and cf. {Surety}.]
[...]
(c) Freedom from risk; safety.
[...]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
In article [EMAIL PROTECTED] you wrote: So is a tape backup a security measure? What about a UPS? Is ECC memory a security measure? I guess it's a security measure to buy rack mount servers from companies such as Dell rather than assembling your own white-box machines then. :-# Yes, all of them improves the data and service availability and is therefore an it security measure. You may want to check out the baseline security manual on even more (i.e. organisational) means. http://www.bsi.bund.de/gshb/english/menue.htm Security is about protection from unauthorised access This is your definition, it does not match most of the literature you can get in that area. However most often, this is the only area where everybody talks about and where you can make the big money :) Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
In article [EMAIL PROTECTED] you wrote: Depends on your definition og it-security. It reduces downtime, prevents some admin and software failures and therefore is a security measure. And to reply to myself: Information Security - As defined by ISO-17799, information security is characterized as the preservation of: * Confidentiality - ensuring that information is accessible only to those authorized to have access. * Integrity - safeguarding the accuracy and completeness of information and processing methods. * Availability - ensuring that authorized users have access to information and associated assets when required. Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
Bernd Eckenfels [EMAIL PROTECTED] wrote: You may want to check out the baseline security manual on even more (i.e. organisational) means. Better forget that ridiculous paper. VB. -- X-Pie Software GmbH Postfach 1540, 88334 Bad Waldsee Phone +49-7524-996806 Fax +49-7524-996807 mailto:[EMAIL PROTECTED] http://www.x-pie.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
Bernd Eckenfels [EMAIL PROTECTED] wrote: http://www.bsi.bund.de/gshb/english/menue.htm Better forget that ridiculous paper. VB. -- X-Pie Software GmbH Postfach 1540, 88334 Bad Waldsee Phone +49-7524-996806 Fax +49-7524-996807 mailto:[EMAIL PROTECTED] http://www.x-pie.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
Yes, a very sophisticated kind of definition. But what about the small gap between theory and practice? Now here we're discussing about 'real life'. So I think security and availability represent to basic independend points of discussion. Security in a sense of preventing of bad impact from outside a system. That's debian-security. For the second one I would suggest debian-isp or debian-user. Christian - Original Message - From: Bernd Eckenfels [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 17, 2003 6:26 PM Subject: Re: How efficient is mounting /usr ro? ... Information Security - As defined by ISO-17799, information security is characterized as the preservation of: * Confidentiality - ensuring that information is accessible only to those authorized to have access. * Integrity - safeguarding the accuracy and completeness of information and processing methods. * Availability - ensuring that authorized users have access to information and associated assets when required. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
On Fri, Oct 17, 2003 at 09:05:04AM -0700, Christian G. Warden wrote:
we have the same problem with english.
$ dict security
2 definitions found
From Webster's Revised Unabridged Dictionary (1913) [web1913]:
Security \Se*curi*ty\, n.; pl. {Securities}. [L. securitas: cf.
F. s['e]curit['e]. See {Secure}, and cf. {Surety}.]
[...]
(c) Freedom from risk; safety.
[...]
Ok, how about wrapping this thread up sometime soon. The semantics and
philosophical issues can be discussed in much greater depth than they have
been so far, but preferably not on deb-sec. Here are some observations:
Making /usr read-only is not likely going to be an option in
debian-installer any time soon. The question is whether to mention the
possibility of doing it in any documentation. It's not much of a defense
against a cracker, and only useful against an automated attack that doesn't
check for it, in terms of security, so the Debian security manual isn't an
obvious place for it. It's the sort of thing that could get mentioned as a
possibly-useful-for-some-systems kind of thing in with other sysadmin tips
and tricks.
Any docs that do mention it should include info on how to tell apt to mount
it read-write before running dpkg, and read-only again after:
DPkg {
// Auto re-mounting of a readonly /usr
Pre-Invoke {mount -o remount,rw /usr;};
Post-Invoke {mount -o remount,ro /usr;};
}
from:
http://lists.debian.org/debian-devel/2001/debian-devel-200111/msg00212.html
(note the caveat that dpkg could sometimes leave running processes with file
descriptors open on deleted files, preventing /usr from being remount ro
again.)
So, as I see it, mounting /usr read-only is of minor benefit, and is only
even possible for people who have /usr on a filesystem by itself, or with
other read-only stuff. It's worth a mention somewhere, but shouldn't be
promoted as a best-practice or something that all good admins do. If a
particular system would really benefit from it, the admin probably just
needs to see the idea mentioned, not see a big list of effects on systems in
general.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces! -- Plautus, 200 BC
signature.asc
Description: Digital signature
Re: How efficient is mounting /usr ro?
On Fri, Oct 17, 2003 at 08:57:43PM +0200, Christian Storch wrote: Yes, a very sophisticated kind of definition. But what about the small gap between theory and practice? In theory, it approximates the practice :) So I think security and availability represent to basic independend points of discussion. Security in a sense of preventing of bad impact from outside a system. My view is that either C, I or A represents an area against which an attacker or some accident could bring on `bad impact'. Consider the simple question `Is my site defaced?'. To stay on topic, I'm for keeping /usr and /usr/local read-only, because really nothing should update them except for a few programs under controlled circumstances (that's what makes the enforcment of this policy cheap). In addition, it might help you notice an intrusion. (I also got used to remount,ro /, for that matter) bit, adam -- 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 finger://[EMAIL PROTECTED] | Some days, my soul's confined http://www.keyserver.net | And out of mind Sleep forever -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote: To stay on topic, I'm for keeping /usr and /usr/local read-only, because really nothing should update them except for a few programs under controlled circumstances (that's what makes the enforcment of this policy cheap). In addition, it might help you notice an intrusion. Unless you have a good auditing setup (none of the various auditing modules are available in Debian) then you probably won't notice an automated attack that is blocked by having a read-only file system. The attack may continue hitting you regularly until you remount it rw for an upgrade, at which time the attack will succeed. If you want security for such things then use SE Linux, systrace, RSBAC, or GRSEC. Don't waste time with ro mounts of /usr. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
Russell Coker [EMAIL PROTECTED] writes: On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote: To stay on topic, I'm for keeping /usr and /usr/local read-only, because really nothing should update them except for a few programs under controlled circumstances (that's what makes the enforcment of this policy cheap). In addition, it might help you notice an intrusion. Unless you have a good auditing setup (none of the various auditing modules are available in Debian) then you probably won't notice an automated attack that is blocked by having a read-only file system. The attack may continue hitting you regularly until you remount it rw for an upgrade, at which time the attack will succeed. If you want security for such things then use SE Linux, systrace, RSBAC, or GRSEC. Don't waste time with ro mounts of /usr. Mounting stuff read-only also prevents filesystem corruption in case the system does crash and reduces the frequency of fscks if you reboot frequently. You can also just pull the network plug and go single user before mounting /usr RW for updates. MfG Goswin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
On Thu, Oct 16, 2003 at 11:08:46PM +0200, Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: A read-only /usr is not a security measure. Depends on your definition og it-security. It reduces downtime, prevents some admin and software failures and therefore is a security measure. In the IT field, security refers specifically to unauthorized use, as in security guard, and security system. It does not, in general, refer to the more generic definitions of security, as in security blanket, securities and exchange commission, or job security. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How efficient is mounting /usr ro?
Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: A read-only /usr is not a security measure. Depends on your definition og it-security. It reduces downtime, prevents some admin and software failures and therefore is a security measure. I think, you mean safety, not security. Safety (eng.) = Sicherheit (german) Security (eng) = Sicherheit (german) :-) regards, yasar
Re: How efficient is mounting /usr ro?
In article [EMAIL PROTECTED] you wrote: So is a tape backup a security measure? What about a UPS? Is ECC memory a security measure? I guess it's a security measure to buy rack mount servers from companies such as Dell rather than assembling your own white-box machines then. :-# Yes, all of them improves the data and service availability and is therefore an it security measure. You may want to check out the baseline security manual on even more (i.e. organisational) means. http://www.bsi.bund.de/gshb/english/menue.htm Security is about protection from unauthorised access This is your definition, it does not match most of the literature you can get in that area. However most often, this is the only area where everybody talks about and where you can make the big money :) Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/
Re: How efficient is mounting /usr ro?
In article [EMAIL PROTECTED] you wrote: Depends on your definition og it-security. It reduces downtime, prevents some admin and software failures and therefore is a security measure. And to reply to myself: Information Security - As defined by ISO-17799, information security is characterized as the preservation of: * Confidentiality - ensuring that information is accessible only to those authorized to have access. * Integrity - safeguarding the accuracy and completeness of information and processing methods. * Availability - ensuring that authorized users have access to information and associated assets when required. Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/
Re: How efficient is mounting /usr ro?
Bernd Eckenfels [EMAIL PROTECTED] wrote: You may want to check out the baseline security manual on even more (i.e. organisational) means. Better forget that ridiculous paper. VB. -- X-Pie Software GmbH Postfach 1540, 88334 Bad Waldsee Phone +49-7524-996806 Fax +49-7524-996807 mailto:[EMAIL PROTECTED] http://www.x-pie.de
Re: How efficient is mounting /usr ro?
Bernd Eckenfels [EMAIL PROTECTED] wrote: http://www.bsi.bund.de/gshb/english/menue.htm Better forget that ridiculous paper. VB. -- X-Pie Software GmbH Postfach 1540, 88334 Bad Waldsee Phone +49-7524-996806 Fax +49-7524-996807 mailto:[EMAIL PROTECTED] http://www.x-pie.de
Re: How efficient is mounting /usr ro?
Yes, a very sophisticated kind of definition. But what about the small gap between theory and practice? Now here we're discussing about 'real life'. So I think security and availability represent to basic independend points of discussion. Security in a sense of preventing of bad impact from outside a system. That's debian-security. For the second one I would suggest debian-isp or debian-user. Christian - Original Message - From: Bernd Eckenfels [EMAIL PROTECTED] To: debian-security@lists.debian.org Sent: Friday, October 17, 2003 6:26 PM Subject: Re: How efficient is mounting /usr ro? ... Information Security - As defined by ISO-17799, information security is characterized as the preservation of: * Confidentiality - ensuring that information is accessible only to those authorized to have access. * Integrity - safeguarding the accuracy and completeness of information and processing methods. * Availability - ensuring that authorized users have access to information and associated assets when required.
Re: How efficient is mounting /usr ro?
On Fri, Oct 17, 2003 at 09:05:04AM -0700, Christian G. Warden wrote:
we have the same problem with english.
$ dict security
2 definitions found
From Webster's Revised Unabridged Dictionary (1913) [web1913]:
Security \Se*curi*ty\, n.; pl. {Securities}. [L. securitas: cf.
F. s['e]curit['e]. See {Secure}, and cf. {Surety}.]
[...]
(c) Freedom from risk; safety.
[...]
Ok, how about wrapping this thread up sometime soon. The semantics and
philosophical issues can be discussed in much greater depth than they have
been so far, but preferably not on deb-sec. Here are some observations:
Making /usr read-only is not likely going to be an option in
debian-installer any time soon. The question is whether to mention the
possibility of doing it in any documentation. It's not much of a defense
against a cracker, and only useful against an automated attack that doesn't
check for it, in terms of security, so the Debian security manual isn't an
obvious place for it. It's the sort of thing that could get mentioned as a
possibly-useful-for-some-systems kind of thing in with other sysadmin tips
and tricks.
Any docs that do mention it should include info on how to tell apt to mount
it read-write before running dpkg, and read-only again after:
DPkg {
// Auto re-mounting of a readonly /usr
Pre-Invoke {mount -o remount,rw /usr;};
Post-Invoke {mount -o remount,ro /usr;};
}
from:
http://lists.debian.org/debian-devel/2001/debian-devel-200111/msg00212.html
(note the caveat that dpkg could sometimes leave running processes with file
descriptors open on deleted files, preventing /usr from being remount ro
again.)
So, as I see it, mounting /usr read-only is of minor benefit, and is only
even possible for people who have /usr on a filesystem by itself, or with
other read-only stuff. It's worth a mention somewhere, but shouldn't be
promoted as a best-practice or something that all good admins do. If a
particular system would really benefit from it, the admin probably just
needs to see the idea mentioned, not see a big list of effects on systems in
general.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces! -- Plautus, 200 BC
signature.asc
Description: Digital signature
Re: How efficient is mounting /usr ro?
On Fri, Oct 17, 2003 at 08:57:43PM +0200, Christian Storch wrote: Yes, a very sophisticated kind of definition. But what about the small gap between theory and practice? In theory, it approximates the practice :) So I think security and availability represent to basic independend points of discussion. Security in a sense of preventing of bad impact from outside a system. My view is that either C, I or A represents an area against which an attacker or some accident could bring on `bad impact'. Consider the simple question `Is my site defaced?'. To stay on topic, I'm for keeping /usr and /usr/local read-only, because really nothing should update them except for a few programs under controlled circumstances (that's what makes the enforcment of this policy cheap). In addition, it might help you notice an intrusion. (I also got used to remount,ro /, for that matter) bit, adam -- 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 finger://[EMAIL PROTECTED] | Some days, my soul's confined http://www.keyserver.net | And out of mind Sleep forever
Re: How efficient is mounting /usr ro?
On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote: To stay on topic, I'm for keeping /usr and /usr/local read-only, because really nothing should update them except for a few programs under controlled circumstances (that's what makes the enforcment of this policy cheap). In addition, it might help you notice an intrusion. Unless you have a good auditing setup (none of the various auditing modules are available in Debian) then you probably won't notice an automated attack that is blocked by having a read-only file system. The attack may continue hitting you regularly until you remount it rw for an upgrade, at which time the attack will succeed. If you want security for such things then use SE Linux, systrace, RSBAC, or GRSEC. Don't waste time with ro mounts of /usr. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: How efficient is mounting /usr ro?
Russell Coker [EMAIL PROTECTED] writes: On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote: To stay on topic, I'm for keeping /usr and /usr/local read-only, because really nothing should update them except for a few programs under controlled circumstances (that's what makes the enforcment of this policy cheap). In addition, it might help you notice an intrusion. Unless you have a good auditing setup (none of the various auditing modules are available in Debian) then you probably won't notice an automated attack that is blocked by having a read-only file system. The attack may continue hitting you regularly until you remount it rw for an upgrade, at which time the attack will succeed. If you want security for such things then use SE Linux, systrace, RSBAC, or GRSEC. Don't waste time with ro mounts of /usr. Mounting stuff read-only also prevents filesystem corruption in case the system does crash and reduces the frequency of fscks if you reboot frequently. You can also just pull the network plug and go single user before mounting /usr RW for updates. MfG Goswin
