[TOOL] Secure On-the-Fly File Integrity Checker
From: support@securiteam.com
Date: 10/06/02
From: support@securiteam.com To: list@securiteam.com Date: Sun, 6 Oct 2002 19:13:38 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Secure On-the-Fly File Integrity Checker
------------------------------------------------------------------------
DETAILS
"SOFFIC should be able to intercept any request for read or execution of a
file and, after checking the file integrity, it should be able to permit
or deny the requested operation."
To assure the effectiveness of SOFFIC, some self-protection mechanisms
must be used on each of its components, and the minimum desired security
requirements are defined based on the following statement: "SOFFIC must
NOT trust the ROOT account, not all the time". This is easily
justified by the fact that most of the vulnerabilities exploited by
malicious agents give them root access privileges or, at least, get them
halfway there. It should be noted that, if the root account were
completely secure, the standard security mechanisms of the Linux kernel
would be sufficient to assure the integrity of important files and the
SOFFIC project would be worthless.
Since SOFFIC is, basically, a patch to the Linux kernel, the majority of
its components reside in the kernel, and so it is exposed to the same
vulnerabilities as the kernel. The most noteworthy is the one that
allows kernel image/memory modification. By doing this, a malicious agent
could compromise the behavior of the whole system, from SOFFIC components
to kernel subsystems. Although security is our main concern, performance
issues are also taken into account.
Considering each of the points above, SOFFIC should accomplish its
goals while enforcing its own security and maintaining
acceptable performance rates.
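The check-then-permit-or-deny decision described above, as an added userspace illustration (not SOFFIC code, which is a kernel patch). The IntegrityGate class, the SHA-256 baseline, the default-deny rule for unlisted files and the metadata-keyed cache are all assumptions made for this sketch.

```python
import hashlib
import os
import tempfile

class IntegrityGate:
    """Userspace sketch: permit or deny opens against a trusted SHA-256 baseline."""
    def __init__(self, baseline):
        self.baseline = dict(baseline)  # path -> expected hex digest (assumed trusted)
        self._verified = {}             # path -> stat stamp of the last good check

    def open_checked(self, path):
        """Return a read-only fd if the content matches, else raise PermissionError."""
        expected = self.baseline.get(path)
        if expected is None:            # assumption: default-deny for unlisted files
            raise PermissionError(f"{path}: not in baseline")
        fd = os.open(path, os.O_RDONLY)
        try:
            st = os.fstat(fd)
            stamp = (st.st_dev, st.st_ino, st.st_size, st.st_mtime_ns, st.st_ctime_ns)
            # Performance cache keyed on metadata; root can forge it, so sketch only.
            if self._verified.get(path) != stamp:
                h = hashlib.sha256()
                while chunk := os.read(fd, 65536):
                    h.update(chunk)
                if h.hexdigest() != expected:
                    raise PermissionError(f"{path}: integrity check failed")
                self._verified[path] = stamp
                os.lseek(fd, 0, os.SEEK_SET)  # hand back the same fd that was hashed
            return fd
        except BaseException:
            os.close(fd)
            raise

def demo():
    """Constructed sample: check a file, tamper with it, check again."""
    good = b"#!/bin/sh\necho ok\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool.sh")
        with open(path, "wb") as f:
            f.write(good)
        gate = IntegrityGate({path: hashlib.sha256(good).hexdigest()})
        os.close(gate.open_checked(path))       # first request: hashed, permitted
        with open(path, "ab") as f:
            f.write(b"echo tampered\n")         # modification after verification
        try:
            os.close(gate.open_checked(path))
            return "permitted"
        except PermissionError:
            return "denied"
```

Hashing through the descriptor that is then returned means the bytes checked are the bytes the caller reads, which a separate check followed by a second open would not guarantee.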
ADDITIONAL INFORMATION
The SOFFIC Project (draft) can be downloaded from:
<http://www.inf.ufrgs.br/~gseg/projetos/the_soffic_project.pdf>
The tool can be downloaded from:
<http://www.inf.ufrgs.br/~gseg/projetos/soffic.shtml>
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.