Re: /lib/security/.config

From: Peter Eddy (petere@atg.com)
Date: 03/13/02


From: Peter Eddy <petere@atg.com>
Date: Wed, 13 Mar 2002 11:43:27 -0500

David Hart wrote:
>
> Peter Eddy <petere@atg.com> wrote:
>
> > Yes these points are correct, but in my many years of managing my
> > personal Linux firewall I've noticed that crackers have never bothered
> > to modify RPM. Additional files are often found by inspecting scripts
> > that RPM reports as modified; these scripts generally contained commands
> > to start the cracker's tools which are the additional files.
>
> So you're saying that with your 'personal' firewall you've been cracked
> often enough to gain an opinion on what crackers install? Kind of
> devalues the perceived value of your experience, doesn't it?
>

By personal I mean a firewall for my home network, one not used for a
business. I don't think that's an uncommon enough use of the term
"personal firewall" to warrant the apparently pejorative quotes in your
comment.

As far as my record, I've had the firewall in question for about six
years. Four cracks in six years isn't a bad record for a non-diligently
maintained home Linux-based firewall with a static IP address. The most
recent one was the SSH vulnerability and I was cracked just hours after
learning about it.

I will argue that by simply reformatting/reinstalling you've lost
valuable knowledge of what crackers and their tools do and therefore
make yourself more vulnerable to future attempts. I know this heterodoxy
causes tempers to flare among well-meaning, security-minded people, but
the recommendation to simply reformat and reinstall often simply results
in the machine returning to its original vulnerable state.
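
The triage described in the quoted paragraph (take the scripts RPM reports as modified, then look at what they start) can be sketched as follows. This is an added example, not part of the original message: the sample `rpm -Va` output, the script contents, the set of package-owned paths and all function names are constructed for illustration.

```python
import re
import subprocess

# Constructed `rpm -Va` output: attribute flags, optional file-type marker, path.
SAMPLE_VERIFY = """\
S.5....T.  c /etc/rc.d/rc.local
.......T.  c /etc/hosts
.M.......    /var/log/example
missing      /usr/share/doc/example/README
"""
# Constructed contents of the script reported as modified above.
SAMPLE_SCRIPT = """\
#!/bin/sh
# local startup
/sbin/hwclock --hctosys
/usr/local/lib/.cache/svc -q &
"""
# Flags are 8 characters on older rpm releases and 9 on current ones.
VERIFY_LINE = re.compile(r"^(?P<flags>[A-Z0-9.?]{8,9})\s+(?:[cdglr]\s+)?(?P<path>/.*)$")
ABS_PATH = re.compile(r"(?<![\w.])/[\w.+-]+(?:/[\w.+-]+)+")

def content_changed(verify_text):
    """Paths whose digest flag ('5') is set: contents differ from the package."""
    matches = (VERIFY_LINE.match(line) for line in verify_text.splitlines())
    return [m.group("path") for m in matches if m and "5" in m.group("flags")]

def referenced_paths(script_text):
    """Absolute paths mentioned on non-comment lines of a script, in order."""
    found = []
    for line in script_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skips comments and the shebang line
        for path in ABS_PATH.findall(line):
            if path not in found:
                found.append(path)
    return found

def rpm_owns(path):
    """True if an installed package owns the path (`rpm -qf` exits 0)."""
    return subprocess.run(["rpm", "-qf", path], capture_output=True).returncode == 0

def unowned(paths, owns=rpm_owns):
    """Referenced paths that no package owns: candidates for a closer look."""
    return [p for p in paths if not owns(p)]

if __name__ == "__main__":
    owned = {"/sbin/hwclock"}  # constructed stand-in for the RPM database
    print("modified:", content_changed(SAMPLE_VERIFY))
    print("unowned: ", unowned(referenced_paths(SAMPLE_SCRIPT), owns=owned.__contains__))
```

On a live system, call `unowned()` without the `owns` argument so ownership is checked with `rpm -qf`; as the thread notes, the result is only as trustworthy as the RPM binary and database on that machine.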