How to prevent the execution of malicious commands?
how to prevent the execution of the following commands or how to set a policy
or rule that prevents the execution of the following malicious commands
dd if=/dev/zero of=/dev/sda
rm -rf /
Linux already supports the prevention of that.
You need to be root (or root level) to do "rm -rf /"
because: ls -la /
drwxr-xr-x 26 root root 4096 ago 21 19:04 .
only root (or sudoers) have r(Read)w(Write)x(eXecute) access to "/"
Check who is in the sudoers group, and a good password for root will prevent that malicious code.
about: "dd if=/dev/zero of=/dev/sda"
ls -l /dev/sd*
brw-rw---- 1 root disk 8, 0 oct 16 14:53 /dev/sda
brw-rw---- 1 root disk 8, 1 oct 16 14:53 /dev/sda1
brw-rw---- 1 root disk 8, 2 oct 16 14:53 /dev/sda2
brw-rw---- 1 root disk 8, 3 oct 16 14:59 /dev/sda3
Only root (or sudoers) or people in the "disk" group can kill your disk.
So check who is in group "disk" and remove malicious users from that group.
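An audit helper for the check this answer describes, added here as an example and not part of the thread: it lists every account that belongs to a given group, counting both supplementary members from the group file and accounts whose primary GID is that group, which a plain look at /etc/group misses. The function name group_members and the sample accounts are assumptions; the sample files are constructed so it runs offline, and real use points it at /etc/group and /etc/passwd.

```shell
#!/bin/sh
# group_members GROUP [GROUPFILE] [PASSWDFILE]
# Prints, one per line, every account that is effectively in GROUP:
#   - names in the 4th field of the group entry (supplementary members)
#   - accounts whose primary GID (4th field of passwd) equals the group's GID
group_members() {
    grp=$1
    gfile=${2:-/etc/group}
    pfile=${3:-/etc/passwd}
    awk -F: -v g="$grp" '
        FNR == NR {                        # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd database
        END { for (u in seen) print u }
    ' "$gfile" "$pfile" | sort
}

# Constructed sample databases (not real system files) so the example runs offline.
# "dave" is not listed in the disk group entry but has disk (GID 6) as primary group.
SAMPLE_GROUP=$(mktemp)
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
disk:x:6:bob,carol
sudo:x:27:alice
users:x:100:
EOF
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:100::/home/alice:/bin/sh
bob:x:1001:100::/home/bob:/bin/sh
carol:x:1002:100::/home/carol:/bin/sh
dave:x:1003:6::/home/dave:/bin/sh
EOF

# Report who can write raw block devices ("disk") and who can escalate ("sudo").
for g in disk sudo; do
    printf '%s: %s\n' "$g" "$(group_members "$g" "$SAMPLE_GROUP" "$SAMPLE_PASSWD" | tr '\n' ' ')"
done
```

Anyone the report lists for "disk" can write /dev/sda directly, so the list should match the people you expect to administer storage.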
With GRSecurity, given a first rule of
Using TOMOYO, which has a path-based view of the system, a rule of
SELinux works on top of the "common" (discretionary) access rights. So if a binary is owned by the root user and group with octal access mode 0500, then SELinux will not allow a user with a different context to execute the binary. The following rule
* If anyone spots any errors in the rules above, please tell me.
Just a note, you should be fine using the DAC which Linux has built-in. No need for advanced access control lists such as unSpawn is suggesting, however, I would recommend you try them out.