
Re: [linux-security] Re: Checking remote servers



Scott Venier wrote:

> >       If the machine was sitting in front of you, you'd just reboot
> > it with a boot floppy, and run a known-good version of RPM from the
> > floppy, but that's not an option when the machine's on the other side
> > of the country; someone local would have to reboot the machine every
> > so often, run the verification, and then reboot again.
> >
> >       (Hmm... a cracker could modify the shutdown scripts to restore
> > the original versions of binaries, so the verify would report nothing.
> > Perhaps even the check from floppy is no guarantee of anything.)
> >
> >       Any suggestions?

mke2fs /dev/xxxx :(

Seems like having an OS with a publicly available kernel source could
be a serious security hazard! Saying that, once they are in then I
think you're basically done; apart from a complete re-install there is
no way to be completely sure that you have gotten rid of everything.

Only way to win is not to play (Shut up all the holes so nothing can
get in!).

I'll obviously not share our security measures on the list, but the
more routers and firewalls and knots you tie in the Ethernet cable the
better, then a simple hole in something that just about anybody with a
serious presence on the net runs can let the world in!

It is also apparent that many people who run Linux systems do not
really know much about security or where to keep track of bugs and
updates, which makes Linux a prime target, not to mention its
popularity!

Saying that though, if a DNS was behind a firewall that let ONLY DNS
through and nothing else except from maybe specified IP addresses then
the chance of being done would be substantially reduced.

[mod: Not this time. A cracker having root-access (through the DNS
bug) will not be stopped by a few firewall rules saying only DNS is
going to go in. Sure having access to "telnet" into the machine is a
bit more comfortable, but root-access through DNS is good enough to
subvert the whole machine. --REW]

[mod: Whole article reformatted. -REW]

--
Leigh Porter
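The verify-from-known-good-media step quoted at the top of the thread, as an added example that is not part of the original post: a small Python check that compares a mounted tree against a manifest carried on the trusted media, reporting differences with a subset of rpm -V's flag letters (S size, M mode, 5 digest). The manifest layout, the constructed file contents and the simulated tampering in `demo()` are assumptions for illustration.

```python
import hashlib
import os
import stat
import tempfile

def file_record(path):
    """Return (size, permission bits, md5 hex): the attributes this check compares."""
    st = os.lstat(path)
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return st.st_size, stat.S_IMODE(st.st_mode), h.hexdigest()

def verify_tree(root, manifest):
    """Compare files under root with manifest {relpath: (size, mode, md5)}.
    Returns {relpath: flags} in rpm -V style: 'S' size, 'M' mode, '5' digest
    differs, '.' matches; 'missing' if the file is gone. Clean files are omitted.
    """
    problems = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.lexists(path):
            problems[rel] = "missing"
            continue
        actual = file_record(path)
        flags = "".join(letter if a != e else "."
                        for letter, a, e in zip("SM5", actual, expected))
        if flags != "...":
            problems[rel] = flags
    return problems

def demo():
    """Constructed scenario: record a known-good tree, tamper with it, verify it."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    originals = {"bin/ls": b"#!/bin/sh\necho ls\n", "bin/ps": b"#!/bin/sh\necho ps\n",
                 "bin/netstat": b"#!/bin/sh\necho netstat\n"}
    manifest = {}  # in real use this is read from the trusted boot media, not the suspect disk
    for rel, data in originals.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, 0o755)
        manifest[rel] = file_record(path)
    # Simulated tampering: same-size replacement of ps (a size check alone would miss it)
    with open(os.path.join(root, "bin/ps"), "wb") as f:
        f.write(b"#!/bin/sh\necho PS\n")
    os.chmod(os.path.join(root, "bin/ls"), 0o4755)  # setuid bit added to ls
    os.remove(os.path.join(root, "bin/netstat"))   # binary deleted outright
    return verify_tree(root, manifest)
```

Run it from the booted trusted media against the mounted suspect filesystem, with both the script and the manifest read from that media rather than from the suspect disk.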


