Re: [linux-security] Re: Checking remote servers

[Pluto <pluto pizzaservice de>]

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 12 May 1998 jhenders bogon com wrote:

> Why not eliminate the possibility of someone changing the binaries
> completely by running them from the cdrom. Put as much of the filesystem

  Fedexing the new CD's around means having somone walk to the box, so if
he / she is already there, why not have him/her punch the speed button
which is easily attached to the write protect switch of some SCSI hd's?
Makes maintaining easier, I'd think.
  When you leave two partitions for /var and /tmp rw but mounted
noexec, suid/sgid and nouser there shouldn't be a geat chance for a
intruder to get some custom login to run. And overwriting some apps with a
logfile should be prevented by the ro filesystem.

  Ipfwadm with strict reject rules should keep you from beeing visible to
the average imap2, smtp, finger etc. portscanning CyBERDuDe :-)

  Yours

  Pluto
/*------------------------------------------------------------------*\
  Free information! Freedom through knowledge. Wisdom for all!! =:-)
  Key fingerprint: 1F 3F EA 94 D0 56 A6 86  4D 19 C4 56 6C F9 43 44

  ----- Your todays fortune cookie ------

I do hate sums.  There is no greater mistake than to call arithmetic an
exact science.  There are permutations and aberrations discernible to
minds entirely noble like mine; subtle variations which ordinary
accountants fail to discover; hidden laws of number which it requires a
mind like mine to perceive.  For instance, if you add a sum from the
bottom up, and then again from the top down, the result is always
different.
		-- Mrs. La Touche (19th cent.)

  ----- End of fortune ------


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBNV3SW8SyBNtyYarNAQE4CgQAnra9sWi9CqXU/BRyY3tRksXbBZHlIvGl
ssK2BGV1ooVHvYYDhAWFVmJD/YYS42D1w9q4wZJsDw/GqZAyK0nIUnydDy5XMyRC
EM0J4w5QEEQ2aF1y2j56Py//6a5W7vMDSmbWM2cMbkg30dPOUncyhruWVIAQB0Zj
tvDYzdqXx1k=
=kmP8
-----END PGP SIGNATURE-----