Re: Locking Down a Linux Box

From: Jeff Schaller (schaller@freeshell.org)
Date: 01/03/02


Date: Wed, 2 Jan 2002 23:36:44 +0000 (UTC)
From: Jeff Schaller <schaller@freeshell.org>
To: <focus-linux@securityfocus.com>

I have a half-baked idea that I'm working on that involves a
secure linux box. Mine will be a firewall, but the idea could be
extended to an IDS or basic web server or etc.

The idea is that the linux box is a write-once box; all setup and
configuration is done on another system. For example, I currently
create a kernel/filesystem image on a 3.5" floppy that boots and
runs the system. It currently doesn't use (mount) any hard drive
or CD-ROM, but it could.

The kernel on the filesystem doesn't include floppy support; you
could extend this idea to making the floppy's filesystem minix and
then include only minix fs support.

The permissions on the filesystem are stripped to bare minimums,
and then chattr -i'd.

The startup sequence runs a one-time init script which sets up the
firewall rules and services, and then removes most of the
remaining programs ("rm", "ipchains", "mount", etc).

There would be no network access/login to the box -- console,
only, if you want to log in and attempt to do something. If you
want to make changes, you make them on the host system and
re-create the boot floppy.

I like the idea of using a boot floppy because I can remove files
I don't need when I'm done with them; on a CDROM, I can't do that.

So, I like imagining this setup against various attack scenarios,
such as the interesting example put forward by Kurt a few posts
ago where the attack mounts another filesystem over the top of one
of yours. In Jeff's half-baked plan, that wouldn't be possible
because the mount program is gone. There'd be no compiler, or even
room to upload a compiled binary. (A /tmp directory is created
with the minimum amount of space needed for temporary stuff during
bootup).

I'm calling it half-baked because I haven't finished it or the
article describing it (and I haven't done those because I haven't
finished working out how I want all the details to work).

-jeff

-- 
"You're dead", he said.  Keli waited. She couldn't think of any suitable
reply.  "I'm not" lacked a certain style, while "Is it serious?" seemed
somehow too frivolous.  -- Princess Keli in trouble (Terry Pratchett, Mort)
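An added example of the one-time init script described in the post (this is not Jeff's script and not code from the list; it is written here to make the boot sequence concrete). It applies the packet filter, mounts a tiny /tmp, removes every binary outside a short keep list (rm last, since it deletes itself), and makes what remains immutable. The ipchains rules, the interface name eth0, the 10.0.0.0/24 LAN and the 64k tmpfs are placeholders chosen for the example; ROOT and RUN let the whole thing be rehearsed on a throwaway directory tree without root, and make_fake_root builds such a tree with constructed dummy files.

```shell
#!/bin/sh
# Example one-shot init for a write-once firewall floppy (not the poster's code).
# ROOT is the tree to lock down (default /); RUN wraps privileged commands,
# so RUN=echo rehearses everything except the file removals.

ROOT="${ROOT:-/}"
RUN="${RUN:-}"

# Paths (relative to ROOT) that must survive the prune: enough for a console login.
KEEP="bin/sh bin/login sbin/init sbin/getty"

# 1. Packet filter first, while ipchains still exists. Placeholder policy:
#    default deny, loopback allowed, one LAN (10.0.0.0/24 on eth0) masqueraded.
firewall_rules() {
    $RUN ipchains -P input DENY
    $RUN ipchains -P output DENY
    $RUN ipchains -P forward DENY
    $RUN ipchains -A input -i lo -j ACCEPT
    $RUN ipchains -A output -i lo -j ACCEPT
    $RUN ipchains -A forward -s 10.0.0.0/24 -i eth0 -j MASQ
}

# 2. A /tmp just large enough for boot-time scratch files, and not executable.
mount_tmp() {
    $RUN mount -t tmpfs -o size=64k,nosuid,nodev,noexec tmpfs "$ROOT/tmp"
}

# 3. Every regular file under bin/ and sbin/ that is not in KEEP, one per line.
prune_plan() {
    for f in "$ROOT"/bin/* "$ROOT"/sbin/*; do
        [ -f "$f" ] || continue
        rel="${f#"$ROOT"/}"
        keep=0
        for k in $KEEP; do
            [ "$rel" = "$k" ] && keep=1
        done
        if [ "$keep" -eq 0 ]; then printf '%s\n' "$f"; fi
    done
}

# 4. Delete the unwanted tools; bin/rm goes last because it removes itself.
prune_binaries() {
    for f in $(prune_plan | grep -v '/bin/rm$' || true); do
        rm -f "$f"
    done
    [ -f "$ROOT/bin/rm" ] && rm -f "$ROOT/bin/rm"
    return 0
}

# Full sequence: rules, scratch space, prune, then freeze what is left.
lockdown() {
    firewall_rules
    mount_tmp
    prune_binaries
    $RUN chattr -R +i "$ROOT"/bin "$ROOT"/sbin
}

# Constructed rehearsal tree: dummy binaries only, for trying the prune safely.
make_fake_root() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/sbin" "$d/tmp"
    for b in bin/sh bin/login bin/mount bin/rm sbin/init sbin/getty sbin/ipchains; do
        printf '#!/bin/sh\n' > "$d/$b"
        chmod 755 "$d/$b"
    done
    printf '%s\n' "$d"
}

# Run for real only when invoked as "init.sh run" (as root, from the floppy).
if [ "${1:-}" = "run" ]; then
    lockdown
fi
```

To rehearse: `R=$(sh -c '. ./init.sh; make_fake_root')`, then `ROOT=$R RUN=echo` and call `prune_plan` to review the removal list before letting `lockdown` delete anything. The keep list is deliberately tiny; anything a service needs at runtime must be added to KEEP or it disappears at the end of boot.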


