How efficient is mounting /usr ro?

2003-10-09 Thread Tarjei Huse
Hi, The Securing Debian manual suggests one should set the /usr partition to ro and use remount when you install new programs. I was just wondering how much security one gains with this. Wouldn't most hackers go after the programs in the /bin and /sbin directories anyway? Thanks for any input.

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Phillip Hofmeister
On Thu, 09 Oct 2003 at 04:34:12AM -0400, Tarjei Huse wrote: Hi, The Securing Debian manual suggests one should set the /usr partition to ro and use remount when you install new programs. I was just wondering how much security one gains with this.

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Bernhard R. Link
* Tarjei Huse [EMAIL PROTECTED] [031009 10:55]: The Securing Debian manual suggests one should set the /usr partition to ro and use remount when you install new programs. I was just wondering how much security one gains with this. I do not think one gets much security out of it. I think the

snort: WARNING: Bad insert in fraglist for FragTracker

2003-10-09 Thread Pavol Zibrita
Hi There Again! I have seen some emails already on this topic. I'm monitoring a large traffic with snort, and it had begun to generate the message $subject$. The logcheck is running and it has generated a log to above 3mb size because of this message. Is there some way to turn snort to print

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Ted Cabeen
Bernhard R. Link [EMAIL PROTECTED] writes: * Tarjei Huse [EMAIL PROTECTED] [031009 10:55]: The Securing Debian manual suggests one should set the /usr partition to ro and use remount when you install new programs. I was just wondering how much security one gains with this. I do not think

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Brandon High
On Thu, Oct 09, 2003 at 08:06:46AM -0400, Phillip Hofmeister wrote: If I r00t your system I'll have access to remount it rw anyhow. Any hacker who doesn't know how to remount a file system is really lame. You may slow someone down for 3 seconds until they type: It'll stop a worm or automated

Re: none

2003-10-09 Thread Agente34
Lúcio, answer your cell phone ...my ACHEIufa · Physical and financial inventory control · Customer registry (individual/corporate) · Quote control and issuance · Supplier registry · Purchase order control · Employee registry ·

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Phillip Hofmeister
On Thu, 09 Oct 2003 at 01:58:40PM -0400, Brandon High wrote: On Thu, Oct 09, 2003 at 08:06:46AM -0400, Phillip Hofmeister wrote: If I r00t your system I'll have access to remount it rw anyhow. Any hacker who doesn't know how to remount a file system is really lame. You may slow someone

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Steve Wray
Getting rid of root kits? Recently I've been thinking about this sort of thing as part of a project for work. The answer we came up with was to update boxes by rsync with --delete The centralised server that holds the root filesystems to be synced out obviously has to be kept secure, but

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Mark Ferlatte
Steve Wray said on Fri, Oct 10, 2003 at 01:22:48PM +1300: The answer we came up with was to update boxes by rsync with --delete You may want to look at systemimager; it already does this, and it already knows to exclude the stuff that you don't want to rsync. I've been doing something like

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Steve Wray
On Fri, 10 Oct 2003 13:56, Mark Ferlatte wrote: Steve Wray said on Fri, Oct 10, 2003 at 01:22:48PM +1300: The answer we came up with was to update boxes by rsync with --delete You may want to look at systemimager; it already does this, and it already knows to exclude the stuff that you

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote: Ahhh but we run scripts on the target before and after the rsync; to prep it up and so forth, as well as patching some things in /etc (we use a diff 'n' sed|patch system for some things in etc) Hence, the binaries on the target that these scripts run

Re: How efficient is mounting /usr ro?

2003-10-09 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote: If I r00t your system I'll have access to remount it rw anyhow. This is more about data security. The system reboots faster if /usr is clean. And it avoids random typo errors from root to some extent Bernd -- eckes privat - http://www.eckes.org/ Project