Is there somewhere I can read on how to secure Linux against local exploits?
Thanks.
- Krish
by Krish Ahy » Sun, 03 Jun 2001 14:23:49
Thanks.
- Krish
by Richard Thripplet » Mon, 04 Jun 2001 21:36:22
>Thanks.
>- Krish
Richard
by <elle.. » Tue, 05 Jun 2001 00:55:25
> Try poring through http://www.redhat.com/support/alerts/
> There might be some stuff on local exploits.
If it's an absolute must, you need to be prepared to invest some
man-months incorporating mandatory acess controls. (ie, either selinux
or rsbac) Hopefully, 2.5 will have better hooks for security modules,
so we'll see more security focused distributions emerge.
If you want to be safe with a minimum amount of fuss, two projects
worth looking into are LIDS and Low-Access Mandatory Access Controls
(try searching for lomac via freshmeat). Lomac is an interesting idea,
and probably the least painful of the above options.
There are also various solutions in user space, such as lib-safe and
the bounds checking patch for gcc, that let you trade off runtime
efficiency for security. While they're not the ideal solution from an
engineering standpoint, they do tend to be much less intrusive to
install, and can be effective.
None of this, of course, is a substitute for properly configuring the
shell server in the first place. Installed but unused software and
misconfigured apps are account for a large portion of local incidents.
--
by ENTREKE » Thu, 14 Jun 2001 20:09:43
U are welcome to visit my page on Security
http://home.att.net/~entreken/security.htm
U might also find the Linux page of interest
These are just Home Pages no commercials
> > Try poring through http://www.redhat.com/support/alerts/
> > There might be some stuff on local exploits.
> At the risk of being flamed by the zealots among us, I'd be
> careful. Unix-ish systems have a really bad track record historically
> speaking, and Linux isn't exactly a poster child in this department
> either.
> If it's an absolute must, you need to be prepared to invest some
> man-months incorporating mandatory acess controls. (ie, either selinux
> or rsbac) Hopefully, 2.5 will have better hooks for security modules,
> so we'll see more security focused distributions emerge.
> If you want to be safe with a minimum amount of fuss, two projects
> worth looking into are LIDS and Low-Access Mandatory Access Controls
> (try searching for lomac via freshmeat). Lomac is an interesting idea,
> and probably the least painful of the above options.
> There are also various solutions in user space, such as lib-safe and
> the bounds checking patch for gcc, that let you trade off runtime
> efficiency for security. While they're not the ideal solution from an
> engineering standpoint, they do tend to be much less intrusive to
> install, and can be effective.
> None of this, of course, is a substitute for properly configuring the
> shell server in the first place. Installed but unused software and
> misconfigured apps are account for a large portion of local incidents.
> --
1. Red Hat 7.1 - Installing Red Hat packages after Red Hat is already installed.
How can I install packages that I forgot to install with the Red Hat
7.1 installation?
Here's my problem:
Various pieces of Red Hat keep saying that I am missing a file and
that it needs to be installed with a certain package (namely most of
the Kontrol Panel). But I have been unsuccessful at finding where
this is done. I am still a newbie with Linux, but I would assume that
there should be an "Add/Remove Programs" equivalent with Linux.
Please help!
3. Can U install Red Hat 6rpm's in Red 7.1 ?
5. configurar red local red hat 7.0 y windows millenium
8. fix APIC errors on oprofile restore
9. Red Hat 7.1 Newbie Install Queston
10. Red Hat 7.1 kernel updates are out
11. date(minutes) change in bash on red hat 7.1
12. Red Hat 7.1 - Which CD-ROM?
13. Installing an Ami MegaRaid express 500 (40LD) in a Red Hat 7.1