Re: Linux hardening
From: AragonX (aragonx_at_dcsnow.com)
Date: 08/22/05
- Previous message: Daniel Cid: "Re: Linux hardening"
- Maybe in reply to: AragonX: "Linux hardening"
- Next in thread: Sagiko: "Re: Linux hardening"
- Reply: Sagiko: "Re: Linux hardening"
- Reply: paavan shah: "Re: Linux hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Aug 2005 14:01:39 -0400 (EDT)
To: focus-linux@securityfocus.com
<quote who="Sean Finkel">
> I would recommend also securing /tmp (and /var/tmp). Mounting it noexec
> and nosuid is a good step to take. As well, I modified my local wget and
> curl programs to *not* download to /tmp or /var/tmp, as no legitimate
> use for the program (on my servers) will be downloading files to these
> locations. As well, these two programs are commonly used in web script
> attacks to retrieve a remote file and execute it.
Thank you for the reply. I believe this is exactly what happened to me.
I found some binaries in the /tmp directory.
> As well, install and run regularly (via cron) chkrootkit and rootkit
> hunter. You should not rely solely on these programs, but they provide a
> nice check that can assist you in finding some of the more common and
> known intrusions/rootkits.
I have chkrootkit but did not know about rootkit hunter. Thank you again.
I also have AIDE and Snort set up on this machine.
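The quoted advice to mount /tmp and /var/tmp with noexec and nosuid is easy to state and easy to get wrong in practice (a later remount, or /var/tmp left on the root filesystem, silently loses the protection). The following POSIX shell script is an added example, not code from this thread or from any of its posters: it audits a /proc/mounts-style mount table for both directories and reports which of the two options are missing. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): check that /tmp and /var/tmp
# are mounted as separate filesystems carrying the noexec and nosuid options.
# To make the setting persistent, a typical /etc/fstab entry looks like:
#   tmpfs  /tmp  tmpfs  defaults,nosuid,nodev,noexec  0  0

# Constructed sample of /proc/mounts output: /tmp is hardened, /var/tmp is not.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=512m 0 0
/dev/sda3 /var/tmp ext3 rw,relatime 0 0'

# has_opt LIST OPT: succeed only if the comma-separated LIST contains exactly OPT
# (so "noexec" does not match a hypothetical "noexec2").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mount_opts MOUNTPOINT...: read a /proc/mounts-style table from stdin and
# print one line per mount point: "<mp> OK", "<mp> MISSING <opts>" or "<mp> NOT_MOUNTED".
# A directory that is not its own mount point inherits the root filesystem's
# options, so it is reported as NOT_MOUNTED rather than silently passing.
check_mount_opts() {
    table=$(cat)
    for mp in "$@"; do
        # /proc/mounts fields: device mountpoint fstype options dump pass;
        # the last matching line wins, which is the mount currently visible.
        opts=$(printf '%s\n' "$table" | awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            printf '%s NOT_MOUNTED\n' "$mp"
            continue
        fi
        missing=""
        for want in noexec nosuid; do
            has_opt "$opts" "$want" || missing="$missing $want"
        done
        if [ -z "$missing" ]; then
            printf '%s OK\n' "$mp"
        else
            printf '%s MISSING%s\n' "$mp" "$missing"
        fi
    done
}

# audit_sample: run the check against the constructed table above.
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | check_mount_opts /tmp /var/tmp
}

# Stand-alone run: audit the live mount table when available, else the sample.
if [ -r /proc/mounts ]; then
    check_mount_opts /tmp /var/tmp < /proc/mounts
else
    audit_sample
fi
```

Run against the constructed table, the script reports `/tmp OK` and `/var/tmp MISSING noexec nosuid`; on a live host it reads /proc/mounts instead, which is the same check a cron job could run alongside the chkrootkit and rkhunter scans mentioned above.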