From: Steffen Dettmer (steffendett.de)
Date: Wed May 22 2002 - 02:33:38 CDT


    * Thomas Föcking wrote on Tue, May 21, 2002 at 16:45 +0200:
    > But then I am be sure if ColdFusion

    Do you trust this as secure?

    > 2. compiled new kernel 2.4.18 with LIDS (lids.org) support.

    I do not know what LIDS does exactly but I think it was a good
    idea to use it ;)

    > 3. secured all directories readonly except /dev, /var, /tmp, /proc

    Does LIDS prevent the chmod call? Usually root can open files
    anyway AFAIK; does LIDS prevent this?

    > 4. denied files like /etc/shadow except for su, login, proftp, sshd readonly

    How does this work? Matching based on binary name? What happens
    when doing an execl("/tmp/evil", "/bin/login", "params")? What
    happens when having an evil /tmp/login or so?

    > 5. secured .bash_history, /var/log/firewall, /var/log/messages as append only

    Does bash handle append-only history files correctly?

    > And to keep track of what is going on:
    > 1. weekly mail with all important logfiles

    weekly? Usually attackers clean up logs after breaking in...

    > 2. lids provides a port scan detector and to send a mail to me, if something
    > is going wrong in the system.

    port scan --> email? I think you'll get a lot of mail :)

    > Is this enough to avoid crackers to change my system?

    If this host is not networked, it's sufficient. Otherwise, it is
    not secure of course, since it's never secure.

    > I know, that nothing is nearly 100% secure, but I think if no
    > one (root included) can change system files it should be quite
    > secure also if some breaks into the system and gets
    > root privileges.

    Yes, but with www-run (or whatever) privileges he/she may get
    interesting information, for instance HTTP passwords and such,
    and who knows what other tricks are possible. You're right, it is
    not 100% secure. But it's more secure than many other systems :).

    > I think if I'll always install the newest SuSE security updates
    > the system would be only a few days unsafe. If then someone
    > would break into, s/he could not damage that much, I hope.

    Theoretically she/he can, with a nice rootkit (I don't know if
    there are some for LIDS protected systems available) your system
    is lost. If you don't notice that it is compromised it doesn't
    help if you install a security update afterwards. But if you have
    good tape backups of the user data a successful attack is not a
    big problem, only unpaid work...

    oki,

    Steffen

    -- 
    This letter was produced by machine,
    and therefore bears neither signature nor seal.
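The execl("/tmp/evil", "/bin/login", ...) question above, worked through as an added example (not code from this thread, and not a model of how LIDS itself identifies binaries): argv[0] is simply whatever the caller of exec() passes, so a policy keyed on the program's name can be satisfied by any attacker who can exec. The allow-list below is a hypothetical argv[0]-based policy built from the names in the thread; the child is started with a forged argv[0] and reports both what it believes its name is ($0) and what the kernel records as its executable (/proc/self/exe, so Linux only; falls back to "unknown" if /proc is unavailable).

```c
/* Added example, not from the original thread. Demonstrates that argv[0]
 * is attacker-chosen and that a name-based access policy is fooled by it.
 * allowed_by_name() is a hypothetical policy, not LIDS's own matching.
 * Linux only: the child reads /proc/self/exe for the kernel's view. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define OUT_MAX 1024

/* Hypothetical policy: allow reading /etc/shadow when the program's
 * basename is on the list from the thread. Keyed on the name only. */
int allowed_by_name(const char *name)
{
    static const char *allow[] = { "su", "login", "proftpd", "sshd" };
    const char *base = strrchr(name, '/');
    base = base ? base + 1 : name;
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (strcmp(base, allow[i]) == 0)
            return 1;
    return 0;
}

/* Start real_exe (a POSIX shell) under the forged name forged_name.
 * The child prints two lines: $0 (what it sees as its name) and the
 * target of /proc/<its pid>/exe (what the kernel actually ran).
 * Returns 0 on success and fills seen_name and kernel_path. */
int run_with_forged_argv0(const char *real_exe, const char *forged_name,
                          char *seen_name, size_t seen_len,
                          char *kernel_path, size_t kernel_len)
{
    int fd[2];
    if (pipe(fd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                         /* child */
        close(fd[0]);
        dup2(fd[1], STDOUT_FILENO);
        close(fd[1]);
        /* argv[0] is whatever we pass here; the kernel does not check it.
         * With no operand after the -c string, sh sets $0 from argv[0]. */
        execl(real_exe, forged_name, "-c",
              "printf '%s\\n' \"$0\"; readlink /proc/$$/exe || echo unknown",
              (char *)NULL);
        _exit(127);
    }
    close(fd[1]);                           /* parent */
    char buf[OUT_MAX];
    size_t n = 0;
    ssize_t r;
    while (n < sizeof buf - 1 &&
           (r = read(fd[0], buf + n, sizeof buf - 1 - n)) > 0)
        n += (size_t)r;
    buf[n] = '\0';
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;
    char *nl = strchr(buf, '\n');           /* line 1: $0 */
    if (!nl)
        return -1;
    *nl = '\0';
    snprintf(seen_name, seen_len, "%s", buf);
    char *second = nl + 1;                  /* line 2: kernel's view */
    nl = strchr(second, '\n');
    if (nl)
        *nl = '\0';
    snprintf(kernel_path, kernel_len, "%s", second);
    return 0;
}

/* Returns 1 when the name-based policy is fooled: it allows the forged
 * name but would deny the binary the kernel really executed; 0 when not
 * fooled; -1 if the child could not be run. */
int spoof_fools_policy(const char *forged_name)
{
    char seen[OUT_MAX], real[OUT_MAX];
    if (run_with_forged_argv0("/bin/sh", forged_name,
                              seen, sizeof seen, real, sizeof real) != 0)
        return -1;
    return allowed_by_name(seen) == 1 && allowed_by_name(real) == 0;
}

int main(void)
{
    char seen[OUT_MAX], real[OUT_MAX];
    if (run_with_forged_argv0("/bin/sh", "/bin/login",
                              seen, sizeof seen, real, sizeof real) != 0) {
        perror("run_with_forged_argv0");
        return 1;
    }
    printf("program believes it is:   %s -> policy says %s\n",
           seen, allowed_by_name(seen) ? "ALLOW" : "deny");
    printf("kernel says it really is: %s -> policy says %s\n",
           real, allowed_by_name(real) ? "ALLOW" : "deny");
    return 0;
}
```

The second line is the check that does not lie: the executable's identity as the kernel sees it (on Linux, /proc/<pid>/exe, or equivalently the inode and device of the file that was exec'd). A policy that wants to grant /etc/shadow only to real su, login or sshd has to key on that, never on argv[0] or on a path the process reports about itself.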
    
