RE: Locking Down a Linux Box
From: zsn (zesnark@yahoo.com)Date: 12/26/01
- Previous message: Hal Flynn: "Firewall Rulesets Are Available"
- In reply to: Jimi Thompson: "Locking Down a Linux Box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "zsn" <zesnark@yahoo.com> To: <focus-linux@securityfocus.com> Date: Tue, 25 Dec 2001 16:23:09 -0800
Additional recommendation: If it doesn't break your scripts also
remove ed, uu[encode/decode], dd, etc. Mount every filesystem you
can noexec, and mount those you can't from read-only media. While
these steps make administering the machine somewhat more difficult,
they also make executing unauthorized code on that machine quite
difficult.
z
Question for all:
> Third, before placing the machine in the DMZ, we always
> uninstall all the text editors (VI, EMACS, etc.). This way
> even if the box is hacked, they have a LOT of work in front
> of them to actually DO anything to it. (Can you imagine
> having to run "ed" on the httpd.conf or html pages?) We also
> uninstall any compilers and browsers as well (gcc, lynx, etc.).
- Previous message: Hal Flynn: "Firewall Rulesets Are Available"
- In reply to: Jimi Thompson: "Locking Down a Linux Box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
