Re: Linux hardening
From: paavan shah (paavan.shah_at_gmail.com)
Date: 08/25/05
- Previous message: no_spam_at_me.com: "Re: SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server"
- In reply to: Craig Holmes: "Re: Linux hardening"
- Next in thread: AragonX: "Re: Linux hardening"
- Reply: AragonX: "Re: Linux hardening"
Date: Thu, 25 Aug 2005 12:16:32 +0530 To: leusent@link-net.org
> Many people have recommended mounting /tmp and /var/tmp noexec. This is a good
> idea but keep in mind that it is easy to execute commands even on a noexec
> filesystem (using the ld-linux library). So don't be surprised if some
> slightly clever attacker is running a binary from that location.
>
How is it possible to run binaries using the ld-linux library? Can you put
more light on it?
I am asking this because I believe that to catch a thief you have to become a thief.
As far as Linux hardening is concerned, I would like to
summarize. Group members, please add your notes to it:
1) Install your servers with the bare minimum of packages and see to it
that only needed services are running.
2) Before you install a new package on your production systems, do check for
known vulnerabilities in that package and, if possible, always get the
latest package. Always verify the integrity of the package using
md5sum.
3) With integrity checkers like tripwire, periodically check your
essential binaries and configuration files for any modifications.
4) Do use log analyzers like logcheck and swatch to detect important events.
5) Periodically check your system for rootkits using rootkit hunter and
chkrootkit.
6) Regularly back up your essential data to other machines or hard disks
so that in case of failure the data can be recovered.
7) Get packages from authorized sites only.
8) Keep a watch for upcoming attacks and vulnerabilities in the
software installed on your machine. Patch it and keep it up to date.
9) Check your system for possible viruses using an antivirus like ClamAV.
List, if more points are to be added, then do add to the summary.
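
Added example, not part of the original message: a shell audit of whether /tmp and /var/tmp sit on a filesystem mounted noexec, including the case where the directory is not its own mount and inherits the options of a parent. The sample mount table is constructed and the function names are hypothetical; the check only reports the mount option, which, as the quoted text says, does not by itself prevent execution.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda5 /var ext3 rw,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0'

# covering_mount DIR MOUNTS: print "mountpoint options" for the filesystem DIR
# lives on, i.e. the longest mount point that is a path prefix of DIR.
covering_mount() {
    printf '%s\n' "$2" | awk -v dir="$1" '
        NF >= 4 {
            mp = $2
            prefix = (mp == "/") ? "/" : (mp "/")
            # ">=" lets a later mount stacked on the same point win
            if (index(dir "/", prefix) == 1 && length(mp) >= length(best)) {
                best = mp; opts = $4
            }
        }
        END { if (best != "") print best, opts }'
}

# has_noexec DIR MOUNTS: succeed only if DIR's filesystem is mounted noexec.
has_noexec() {
    opts=$(covering_mount "$1" "$2" | awk '{ print $2 }')
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit MOUNTS: report the two directories named in the thread.
audit() {
    for dir in /tmp /var/tmp; do
        fs=$(covering_mount "$dir" "$1" | awk '{ print $1 }')
        if has_noexec "$dir" "$1"; then
            echo "$dir: noexec set (filesystem mounted at $fs)"
        else
            echo "$dir: noexec NOT set (filesystem mounted at $fs)"
        fi
    done
}

audit "$SAMPLE_MOUNTS"   # on a live system: audit "$(cat /proc/mounts)"
```

In the constructed sample, /var/tmp is reported as not noexec because it lives on the /var filesystem, which is the gap a check of /tmp alone would miss.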