[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Checking remote servers

From: jhenders bogon com
To: linux-security redhat com
Subject: Re: [linux-security] Checking remote servers
Date: Tue, 12 May 1998 15:54:39 -0700

On Tue, May 12/98, Andrew Kuchling <akuchlin cnri reston va us> wrote:
> I'd like to hear some suggestions about securely administering a
> system remotely.  Here's the application: a project is going to
> scatter some server machines around the US.  The server machines will
> be running Linux, with the only network servers being a custom
> application.

Then don't activate anything else other than sshd for access to the box.
If you don't have easy physical access to the box you might also want to
consider a second box with only sshd and a serial connection to the
first box, and add the serial console patches for the kernel.

> 
> 	Ignoring the separate question of physical security, how can I
> remotely check the system's integrity using Tripwire, 'rpm --verify',
> or some other mechanism?  An obvious first solution is to leave a
> CD-ROM in the machine containing the RPMs (Tripwire database,
> whatever), but a cracker could just put a Trojan version of RPM in
> place.  You could put the RPM binary on the CD too, but then a cracker
> would just have to modify the shell to recognize when the RPM binary
> on the CD is being run, and substitute the Trojan version.  Inserting
> a back door into the kernel's implementation of exec() would handle
> shells, C scripts, and anything else that tries to run that binary.
> Putting RPM on the CD raises the bar, requiring a more sophisticated
> attacker, but it doesn't solve the problem.

Why not eliminate the possibility of someone changing the binaries
completely by running them from the cdrom. Put as much of the filesystem
on cd as you can. Use a bootable cdrom. If you can't use a bootable cd,
boot from a write protected floppy. Does anyone know if any of the
cdrom filesystems can support symlinks? If not you would have to mount
the root filesystem on a ramdisk I suppose. Only have variable data
stored on the local hard drive and better yet have copies written back
to your home machine in real time.

-- 
  Artificial Intelligence stands no chance against Natural Stupidity.
            GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
                 b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*

Follow-Ups:
- Re: [linux-security] Re: Checking remote servers
  - From: Pluto

References:
- Checking remote servers
  - From: Andrew Kuchling

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]