Re: Locking Down a Linux Box

From: Paul Lussier (pll@mclinux.com)
Date: 01/03/02 

To: Seth Arnold <sarnold@wirex.com>
Date: Thu, 03 Jan 2002 09:59:03 -0500
From: Paul Lussier <pll@mclinux.com>

In a message dated: Wed, 02 Jan 2002 13:47:55 PST
Seth Arnold said:

>On Mon, Dec 24, 2001 at 01:00:08PM -0500, Jimi Thompson wrote:
>> Third, before placing the machine in the DMZ, we always uninstall all
>> the text editors (VI, EMACS, etc.). This way even if the box is
>> hacked, they have a LOT of work in front of them to actually DO
>> anything to it. (Can you imagine having to run "ed" on the httpd.conf
>> or html pages?) We also uninstall any compilers and browsers as well
>> (gcc, lynx, etc.). =20
>
>Heh, I'm sure practically every unix-ish admin can give you dozens of
>ways to edit files without vi or emacs... In other words, while this
>will provide a serious annoyance for you, hackers are liable to be able
>to edit files all the same.
>
>I'd suggest holding onto your text editors, so that you don't mind
>working on the machines you have to adminster.. :)

Yeah, removing text editors is just a pain to yourself. If I'm going
crack into a box and change files, I don't need an editor. Once I
can get to the box, I move remotely edited files to it in a number of
ways, or, just reload the text editors.

Besides, are you also going to remove things like sed, awk, tr, mv,
cat, pr, etc.? Are you going remove shell built-in commnds like
echo, and disable I/O redirection (<,>,|, <<, and >>) ?

Also, you may think editing html or config files with ed is a
daunting and overwhelming task, but remember, there are people who
remember when ed was light-years more advanced than what came before.
In other words, there are still people around today who know how to
use, and *can* use ed quite efficiently. If that's all you leave
them, they'll use it. 

-- 

Seeya,
Paul
----

			  God Bless America!

	...we don't need to be perfect to be the best around,
		and we never stop trying to be better. 
		       Tom Clancy, The Bear and The Dragon

Relevant Pages

  • Re: Locking Down a Linux Box
    ... We also uninstall any compilers and browsers as well ... ways to edit files without vi or emacs... ... I'd suggest holding onto your text editors, ... The Bill of Rights: 7 out of 10 rights haven't been sold yet! ...
    (Focus-Linux)
  • Re: Great SWT Program
    ... you admitted earlier that emacs provides ... they are binary files. ... notes or whatever all without actually editing very much text. ... editors, or text editors and Photoshop, or something equally stupid. ...
    (comp.lang.java.programmer)
  • Re: Great SWT Program
    ... IDE-like features such as syntax highlighting and automatic ... I discovered that vim had them too. ... Just for the record, and vim is a fine product, emacs has these features also. ... those of us who cling to these old-time editors would ...
    (comp.lang.java.programmer)
  • Re: Great SWT Program
    ... editors that are at best out of date and at worst simply wrong. ... The result of typing 'emacs' with no arguments at a shell. ... The CUA link explains how to get those specific keys for copy ... blown terminals in their own right, with access to all the cool stuff ...
    (comp.lang.java.programmer)
  • Re: Recommendation for Code/Text Editor?
    ... >>...for every one of us who thinks the vi interface sucks, ... that many programmers have for their editors". ... Both vi and emacs can do anything: ...
    (comp.arch.embedded)