LinuxQuestions.org
In The Middle Of Nowhere

Life, universe and everything...
--
Blog title (C) Orbital

Hardening security and fun around it

Posted 12-06-2010 at 11:21 PM by Web31337
Updated 12-06-2010 at 11:22 PM by Web31337

I had a long session of improving security on my home server yesterday.
I never actually set up permanent and correct monitoring with rkhunter, but when I ran through all its options, I finally came to realize this is just awesome, it just OWNZ! Greets to the developers team!!!
Some guys from the LQ Security forum really are the experts. I always knew that, but just again, in case you read my blog, I'd like to thank you all, the members of the "online security team" of LQ, you know if you're in that team. Linux is a great OS and you did and still do hard work in helping people to understand security and how much it actually means!

Still writing scripts. I'm beginning to think about implementing a confirmation system. Say, after an unsuccessful check of a file list's checksums by a Python script that will always be up and connected to a Jabber server, it first sends mail and SMS and then requests a confirmation from another user on Jabber. If the user fails to confirm the change within a few minutes, drop the network. There can be other ideas.
Actually, the point of such systems in most cases is not to stop the cracker, but to alert the sysadmin. Because the only cure here can be... say, if we imagine the cracker is an absolute hardcore professional, who cracked in at a time when the scripts were idling, found them, understood them and took actions to prevent any notification; in the case of the Jabber bot he will have to kill it, because it contains the hash tables of all files in RAM, and they are only loaded once on start and saved once on exit, and modified when it receives a confirmation of a change or a rehash request from a client. The reason why he can't modify RAM is explained by not having any debugging tools and compilers (why should you have one on a server?) and some even more binary hacks in coreutils preventing the building/uploading/use of such tools.
And when he does, the client bot in Jabber detects that the Jabber bot's resource went offline and commits a hard unplug of the network via an external device, like a CD-ROM tray opening that hits the shutdown button on the router, etc, etc...
Don't take this idea seriously, I just have a great imagination. You better learn and use the grsecurity kernel patches. HUGE thanks to that team as well, you |20(|<!!!
There really are very few projects that are worth remembering, and rkhunter & grsecurity are definitely on the list!
Posted in etc, security
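
The checksum-and-confirmation idea from the post, sketched as an added example (not the author's script). The class name, the 300-second window and the injectable clock are assumptions; sending mail, SMS or Jabber messages and cutting the network are left to the caller.

```python
import hashlib
import time

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class IntegrityWatch:
    """Hypothetical watcher: baseline hashes are held in memory only."""
    def __init__(self, paths, confirm_window=300, clock=time.monotonic):
        self.clock = clock
        self.window = confirm_window          # seconds allowed for confirmation
        self.baseline = {p: self._current(p) for p in paths}
        self.pending = {}                     # path -> (observed hash, deadline)

    def _current(self, path):
        try:
            return sha256_file(path)
        except OSError:
            return None                       # missing/unreadable is a change too

    def scan(self):
        """Return paths that need a new alert (mail, SMS, Jabber message)."""
        alerts = []
        for path, known in self.baseline.items():
            seen = self._current(path)
            if seen == known:
                self.pending.pop(path, None)  # content is back at the baseline
            elif path not in self.pending:
                self.pending[path] = (seen, self.clock() + self.window)
                alerts.append(path)
            elif self.pending[path][0] != seen:
                # Changed again: re-alert, but keep the original deadline.
                self.pending[path] = (seen, self.pending[path][1])
                alerts.append(path)
        return alerts

    def confirm(self, path, seen_hash):
        """Accept a change only if the operator names the hash now pending."""
        if path not in self.pending or self.pending[path][0] != seen_hash:
            return False
        self.baseline[path] = seen_hash
        del self.pending[path]
        return True

    def expired(self):
        """Paths left unconfirmed past the deadline; caller drops the network."""
        now = self.clock()
        return sorted(p for p, (_, dl) in self.pending.items() if now >= dl)
```

Keeping the first deadline when a file changes again means repeated writes cannot push the cut-off back.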