Securing Linux

Presumably you would have to leave /tmp world writeable, which means anyone could mount or write a file into /tmp, and still get access that way. While the immutable attribute might be a good tactic, it is 90% uneffective if they are able to write to the drive at all. And for that matter, why not simply serve everything off of CD...

A really secure distro would be CD-based, and the stuff you actually needed to change would be mounted read only and remounted only when you actually needed to change something. Then again, a secure system would be something you'd want to start building yourself, that way you know exactly what packages you've installed.

Still, if it might slow an intruder down, it's a good idea. :)

Quote:

---

Originally posted here by silentstalker
And let me say something about *nix here ok guys? When putting your sites up on yer *nix boxes, please please please, dont allow anonymous FTP access or unauthorized telnet proxy usage ok?

This is because, when I hack, I first connect to the site anonymously via FTP. Usually theres a good deal of info I can acquire from the site and its box by just looking and the freaking directory listings.

---

What exactly does this have to do with what was written. Sure, as some general advice to lock down the box, this is an ok idea, but it's irrelevant to this thread.

Quote:

---

A really secure distro would be CD-based, and the stuff you actually needed to change would be mounted read only and remounted only when you actually needed to change something.

---

It's secure in the sense that it will stop people from making changes to your data. But they can still access the data if they break in. It's a very interesting idea though. Any ideas how would you implement this practically chsh?

Quote:

---

Originally posted here by chsh
Presumably you would have to leave /tmp world writeable, which means anyone could mount or write a file into /tmp, and still get access that way. While the immutable attribute might be a good tactic, it is 90% uneffective if they are able to write to the drive at all. And for that matter, why not simply serve everything off of CD...

A really secure distro would be CD-based, and the stuff you actually needed to change would be mounted read only and remounted only when you actually needed to change something. Then again, a secure system would be something you'd want to start building yourself, that way you know exactly what packages you've installed.

Still, if it might slow an intruder down, it's a good idea. :)

---

Quote:

---

Originally posted here by smirc


It's secure in the sense that it will stop people from making changes to your data. But they can still access the data if they break in. It's a very interesting idea though. Any ideas how would you implement this practically chsh?

---

i have heard about floppy and cd-based distributions, mainly suitable for routers/firewalls/gateways that operate this way. boot is off the cd or floppy, any config changes can be saved to a floppy. i can't think of any off the top of my head though.

regards,
mark.

Silent i apologize for being an ass. You are right were all here to learn about system security.
chsh actually from what i have seen the tmp doesn't have to be writable but even if it was and every thing elese was locked down they would have to load the chattr comm and into the tmp file and then run from there.Its possible but first you would have to know it was the chattr command that did it in the first place. Or even a better idea would be have an ids set up so that everytime someone cd to /tmp it set of a million allerts.

As with the cdrom it works quite well ive tried that. My only issue would be system changes. But Hell burn a new cd. I want to try it on a dvd next.

Is that really practical, though? You'd have to have a hell of a fast CDRW(or two) and RamBus to keep down the lag, wouldn't you? It's an intriguing idea, and I don't use Linux yet, but it could be feasible, given the right circumstances...
Good thread and great ideas here...

Ouroboros

Apology excepted Linuxcommando, this is the kind of quality of people that I expected to find in AO.. curtious. Well, see you all around.

Quote:

---

Originally posted here by smirc


It's secure in the sense that it will stop people from making changes to your data. But they can still access the data if they break in. It's a very interesting idea though. Any ideas how would you implement this practically chsh?

---

Yes, but break-ins become more difficult because the attacker can't upload any trojaned binaries.

It's also probably a good idea in this way to keep /etc/shadow, /etc/passwd, and any other such config files on a floppy with the write protect flipped. That way, if you need to change a password, you just flip the tab to write enabled, make your changes & etc., and then flip it back, no problems at all.

As for how you'd do this, certain directories that have to be writable would be /tmp, but you could specify a size on these, and just use ramdisks for them. It'd take some doing, but overall, the system is much more secure than chattr +i'ing the whole file system (I think so anyways).

Root can chattr -i it unless you have certain kernel patches otherwise. With a ro filesystem, they'd have to upload their hacked binaries to /tmp, which would have limited space, and only be writeable by certain users.

Quote:

---

Originally posted here by Ouroboros
Is that really practical, though? You'd have to have a hell of a fast CDRW(or two) and RamBus to keep down the lag, wouldn't you? It's an intriguing idea, and I don't use Linux yet, but it could be feasible, given the right circumstances...
Good thread and great ideas here...

Ouroboros

---

No, it wouldn't matter. Keep in mind that this setup is only useful for the system files and utilities (ps, etc).. Your config files would be on a floppy (write protected) and for dynamic content-serving webservers, you would be using a drive only for your content (probably the database, and anything else that absolutely must change). Theoretically, unless you NEED to put information into the database, you would have your DB locked down to RO so that you could only do selects as well (without select into).

BTW, entirely CD-Based distributions aren't horrendously slow to use, as the kernel and command line, even X loads into memory. There is only a slight lag time between read on the disc and execution of the application.

Personally, I'm all for not using read-only media, as I feel that neither solution is particularly good. It's better to secure your box, not run suspicious apps as root, and just generally check your logs (setting up tripwire might be a good idea).

There's a few problems when making an entire filesystem from / up un-writeable. Nothing can be written by anything and that means swap can't be accessed, /tmp can't be used (there went oracle, which uses tmp heavily), if you're running DHCP, the leases file can't be updated which means the dhcpd will dump and nobody's being served IPs which means your network just went **** up.

It's a good idea and these are only a few things that could go wrong off the top of my head, but I wouldn't make my entire box unwriteable.

--Edit--

More things I just thought of: wtmp/btmp/utmp (dependent on flavor) can't be written when login successfully authenticates/denies someone access. FTP logs can't be updated, syslogs can't be written (I don't know if syslog dies on linux, it does on HP).

If someone smart knows the box is chattr'd then all they have to do is flood the box with regular requests/etc and before too long, the box is dead in the water.