How to prevent the execution of malicious commands?
Hi all,
How do I prevent the execution of the following commands, or set a policy or rule that prevents the execution of these malicious commands?
Code:
dd if=/dev/zero of=/dev/sda
rm -rf /
Linux already supports the prevention of that.
You need to be root (or root level) to do "rm -rf /" because:
Code:
ls -la /
drwxr-xr-x 26 root root 4096 Aug 21 19:04 .
Only root (or sudoers) have r (read) w (write) x (execute) access to "/". Check who is in the sudoers group; a good password for root will prevent that malicious code.

About "dd if=/dev/zero of=/dev/sda":
Code:
ls -l /dev/sd*
brw-rw---- 1 root disk 8, 0 Oct 16 14:53 /dev/sda
brw-rw---- 1 root disk 8, 1 Oct 16 14:53 /dev/sda1
brw-rw---- 1 root disk 8, 2 Oct 16 14:53 /dev/sda2
brw-rw---- 1 root disk 8, 3 Oct 16 14:59 /dev/sda3
Only root (or sudoers) or people in the "disk" group can kill your disk, so check who is in group "disk" and remove malicious users from that group.

Regards,
Guille
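The two checks Guille describes (who is in the disk group, who can sudo, and whether the device nodes are owned and moded as expected) can be scripted. The following is an added example, not code from the thread or from any of the posters; the function names, the choice of "disk", "sudo" and "wheel" as the groups to audit, and the sample group-database and ls output are all constructed here so the script runs offline. Called with no arguments, the functions read the live system through getent and ls instead.

```shell
#!/usr/bin/env bash
# Added example, not part of the original thread. Audits the two DAC paths
# described above: who is in the "disk" group (raw write access to /dev/sd*),
# who is in a sudo-capable group ("sudo" or "wheel"), and whether any block
# device node is writable by everyone or owned by an unexpected group.
#
# Constructed sample data so the script runs offline; call the functions with
# no argument to read the live system instead (getent group, ls -l /dev/sd*).
SAMPLE_GROUP="root:x:0:
disk:x:6:alice,backup
sudo:x:27:bob
wheel:x:10:
users:x:100:alice,bob,carol"

SAMPLE_LS="brw-rw---- 1 root disk 8,  0 Oct 16 14:53 /dev/sda
brw-rw---- 1 root disk 8,  1 Oct 16 14:53 /dev/sda1
brw-rw-rw- 1 root disk 8, 16 Oct 16 14:53 /dev/sdb
brw-rw---- 1 root users 8, 32 Oct 16 14:53 /dev/sdc"

# members_of GROUP [GROUP_DB]
# Print the members of GROUP, one per line, from getent-style lines
# (name:passwd:gid:member,member,...). Users whose *primary* group is GROUP
# do not appear in that field, which matches how /etc/group itself behaves.
members_of() {
    local group="$1" db="${2:-$(getent group)}"
    printf '%s\n' "$db" |
        awk -F: -v g="$group" '$1 == g { print $4 }' |
        tr ',' '\n' | sed '/^$/d'
}

# privileged_users [GROUP_DB]
# Every account, sorted and deduplicated, that is in a group granting either
# raw disk access or sudo: the accounts that can run the two commands asked
# about in the question.
privileged_users() {
    local db="${1:-$(getent group)}" g
    for g in disk sudo wheel; do
        members_of "$g" "$db"
    done | sort -u
}

# unsafe_block_devices [LS_OUTPUT]
# From "ls -l" output, print block devices (type character "b") that are
# writable by "other" (9th mode character) or whose group is neither disk
# nor root. Either condition widens the set of users beyond the ones the
# group audit above reports.
unsafe_block_devices() {
    local listing="${1:-$(ls -l /dev/sd* 2>/dev/null)}"
    printf '%s\n' "$listing" |
        awk 'substr($1,1,1) == "b" &&
             (substr($1,9,1) == "w" || ($4 != "disk" && $4 != "root")) { print $NF }'
}

# Stand-alone run against the constructed data.
echo "Accounts with disk or sudo rights:"
privileged_users "$SAMPLE_GROUP"
echo "Block devices with unexpected permissions or group:"
unsafe_block_devices "$SAMPLE_LS"
```

On a real host, compare the output of privileged_users with the list of people who are actually supposed to have root-equivalent access; anyone else should be removed from those groups with gpasswd -d, and any device flagged by unsafe_block_devices should have its mode or group restored (udev rules normally set them to root:disk 0660).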
With GRSecurity, given a first rule of
Code:
/ {
Code:
/bin/dd {
Code:
role unpriv u
Using TOMOYO, which has a path-based view of the system, a rule of
Code:
<kernel> /sbin/mingetty /bin/login /bin/bash /bin/rm
Code:
<kernel> /sbin/mingetty /bin/login /bin/bash /bin/dd
SELinux works on top of the "common" (discretionary) access rights. So if a binary is owned by root user and group with octal access mode 0500 then SELinux will not allow a user with a different context to execute the binary. The following rule
Code:
module deny 1.0.0;
* If anyone spots any errors in the rules above please tell me.
Just a note: you should be fine using the DAC which Linux has built in. No need for advanced access control lists such as those unSpawn is suggesting; however, I would recommend you try them out.
They're great.