Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Steffen Dettmer (steffendett.de)
Date: Wed May 22 2002 - 02:33:38 CDT
* Thomas Föcking wrote on Tue, May 21, 2002 at 16:45 +0200:
> But then I am be sure if ColdFusion
Do you trust this as secure?
> 2. compiled new kernel 2.4.18 with LIDS (lids.org) support.
I do not know what LIDS does exactly but I think it was a good
idea to use it ;)
> 3. secured all directories readonly except /dev, /var, /tmp, /proc
Does lids prevents the chmod call? Usually root can open files
anyway AFAIK, does LIDS prevents this?
> 4. denied files like /etc/shadow except for su, login, proftp, sshd readonly
How does this work? Matching based on binary name? What happens
when doing a execl("/tmp/evil", "/bin/login", "params")? What
happens when having a evil /tmp/login or so?
> 5. secured .bash_history, /var/log/firewall, /var/log/messages as append only
Does bash handle append-only history files correctly?
> And to keep track of what is going on:
> 1. weekly mail with all important logfiles
weekly? Usually attackers clean up logs after breaking in...
> 2. lids provides a port scan detector and to send a mail to me, if something
> is goning wrong in the system.
port scan --> email? I think you'll get a lot of mail :)
> Is this enough to avoid crackers to change my system?
If this host is not networked, it's suffcient. Otherwise, it is
not secure of course, since it's never secure.
> I know, that nothing is nearly 100% secure, but I think if no
> one (root included) can change system files it should be quite
> secure also if some breaks into the system and gets
> root privileges.
Yes, but with www-run (or whatever) priviledges he/she may get
interesting information, for instance HTTP passwords and such,
and who knows what other tricks are possible. You're right, it is
not 100% secure. But it's more secure than many other systems :).
> I think If I'll always install the newest SuSE security updates
> the system would be only a few days unsaved. If then someone
> would break into, s/he could not damage that much, I hope.
Theoretically she/he can, with a nice rootkit (I don't know if
there are some for LIDS protected systems available) your system
is lost. If you don't notice that it is compromised it doesn't
help if you install a security update afterwards. But if you have
good tape backups of the user data an successfull attack is not a
big problem, only unpaid work...
-- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here