[1806] in linux-security and linux-alert archive
[linux-security] Re: Re: Checking remote servers
daemon@ATHENA.MIT.EDU (Pluto)
Sun May 31 03:54:15 1998
Date: Sat, 16 May 1998 18:52:24 +0100 (GMT+0100)
From: Pluto <pluto@pizzaservice.de>
In-reply-to: <19980512155439.11196@bogon.com>
To: linux-security@redhat.com
Reply-to: pluto@pizzaservice.de
Resent-From: linux-security@redhat.com
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 12 May 1998 jhenders@bogon.com wrote:
> Why not eliminate the possibility of someone changing the binaries
> completely by running them from the cdrom. Put as much of the filesystem
Fedexing the new CD's around means having somone walk to the box, so if
he / she is already there, why not have him/her punch the speed button
which is easily attached to the write protect switch of some SCSI hd's?
Makes maintaining easier, I'd think.
When you leave two partitions for /var and /tmp rw but mounted
noexec, suid/sgid and nouser there shouldn't be a geat chance for a
intruder to get some custom login to run. And overwriting some apps with a
logfile should be prevented by the ro filesystem.
Ipfwadm with strict reject rules should keep you from beeing visible to
the average imap2, smtp, finger etc. portscanning CyBERDuDe :-)
Yours
Pluto
/*------------------------------------------------------------------*\
Free information! Freedom through knowledge. Wisdom for all!! =:-)
Key fingerprint: 1F 3F EA 94 D0 56 A6 86 4D 19 C4 56 6C F9 43 44
----- Your todays fortune cookie ------
I do hate sums. There is no greater mistake than to call arithmetic an
exact science. There are permutations and aberrations discernible to
minds entirely noble like mine; subtle variations which ordinary
accountants fail to discover; hidden laws of number which it requires a
mind like mine to perceive. For instance, if you add a sum from the
bottom up, and then again from the top down, the result is always
different.
-- Mrs. La Touche (19th cent.)
----- End of fortune ------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAgUBNV3SW8SyBNtyYarNAQE4CgQAnra9sWi9CqXU/BRyY3tRksXbBZHlIvGl
ssK2BGV1ooVHvYYDhAWFVmJD/YYS42D1w9q4wZJsDw/GqZAyK0nIUnydDy5XMyRC
EM0J4w5QEEQ2aF1y2j56Py//6a5W7vMDSmbWM2cMbkg30dPOUncyhruWVIAQB0Zj
tvDYzdqXx1k=
=kmP8
-----END PGP SIGNATURE-----
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null