[NTLUG:Discuss] Secure a system by securing GCC..
Jim Williams
jimw at linux-class.com
Mon Jul 1 17:33:07 CDT 2002
A few more of my favorite tricks to trip up the intrepid
cyber-terrorist. ( A hacker is simply a software programmer, not a bad
guy. )
1. Make filesystems where users can create files, like /home /var or
/tmp, "nosuid" and "noexec". This keeps them from executing any binaries
from these filesystems. Keep your binaries in /usr, /bin and /sbin.
2. Mount /usr filesystem as "read only". Files there aren't written to
unless you are upgrading packages anyway.
3. Use "chattr +i" on /bin and /sbin subdirectories and anywhere else
where you want to make the files "immutable" or completely unchangeable.
Even as root you have to use chattr to remove the immutable setting
before you can change or delete them.
Anyone will tell you that this doesn't make your system impossible to
break into but all we can do is make it more difficult to crack than
most systems. The majority of attacks are random attepmts and these
tricks will encourge the CT to move on to another system and leave you
alone.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Williams
RHCE, CCNA, MCSE+I
Contract Systems Administrator &
Certified Technical Instructor
S.Florida: 954.558.2807
Dallas/Ft.Worth: 214.557.3626
Break Out of the Windows Box!
Explore the possibilities of Open Source Software.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Discuss
mailing list