Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
01-11-2007, 04:31 AM, #16
Moderator, Registered: May 2001, Posts: 29,415
Quote:
Is there a way by which I can hide my processes from other users if
1) I am the root
2) If I am not the root
Simplest way to "hide" in a legitimate way isn't hiding: it's a form of separation and the GRSecurity kernel patch can supply that (and much more). With the patch applied a process listing only shows users the PIDS they own unless they are allowed an override. Root can hide processes from other users and users can hide processes from other users but of course users can't hide processes from root and root can't hide processes from root. That would be rootkit territory.
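As an added example (not from the thread), a Python check for the separation unSpawn describes: on mainline Linux the hidepid mount option on /proc gives the same per-user restriction of the process list that the post attributes to the grsecurity patch, and an unprivileged user can verify it by confirming that every /proc/<pid> entry it can see is its own. The /proc/mounts lines used for checking are constructed samples; run directly, the script reads the live /proc/mounts and /proc.

```python
import os
import re
# Mainline Linux offers the same per-user /proc separation the post attributes to
# grsecurity via the hidepid mount option (hidepid=2 / "invisible" hides other
# users' /proc/<pid> directories entirely; an optional gid= names an override group).
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

def proc_mount_options(mounts_text):
    """Option list of the /proc mount from /proc/mounts-style text, or [] if absent."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            return fields[3].split(",")
    return []

def hidepid_level(options):
    """hidepid level in effect; 0 when the option is absent (everything visible)."""
    for opt in options:
        m = re.fullmatch(r"hidepid=(\w+)", opt)
        if m:
            val = m.group(1)
            return int(val) if val.isdigit() else HIDEPID_NAMES.get(val, 0)
    return 0

def foreign_pids(entries, my_uid):
    """entries: (pid, owner_uid) pairs; PIDs not owned by my_uid, sorted."""
    return sorted(pid for pid, uid in entries if uid != my_uid)

def live_proc_entries(proc_root="/proc"):
    """(pid, owner_uid) for every numeric /proc directory this user can list."""
    entries = []
    for name in os.listdir(proc_root):
        if name.isdigit():
            try:
                entries.append((int(name), os.stat(os.path.join(proc_root, name)).st_uid))
            except OSError:
                pass  # process exited between listdir and stat
    return entries

def audit(mounts_text, entries, my_uid):
    """Is the process list separated per user for my_uid? Returns a summary dict."""
    level = hidepid_level(proc_mount_options(mounts_text))
    foreign = foreign_pids(entries, my_uid)
    return {"hidepid": level, "foreign_pids": foreign,
            "separated": level >= 2 and not foreign}

if __name__ == "__main__":  # run as an unprivileged user to check the live system
    with open("/proc/mounts") as f:
        print(audit(f.read(), live_proc_entries(), os.getuid()))
```

A user in the gid= override group (or root) will still see every PID, which is the "allowed an override" case in the post, so run the check from an ordinary account.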
01-11-2007, 04:45 AM, #17
Senior Member, Registered: Sep 2005, Location: France, Distribution: approximately NixOS (http://nixos.org), Posts: 1,900
Quote: Originally Posted by Simon Bridge
What? You've lost me... I need the context there dude.
I meant surely you have to have UID 0.
Quote: Originally Posted by Simon Bridge
Sure - someone could sit on the network watching other users processes to see if there are any habits which could be exploited... if users processes are private, this cannot happen.
Under security through obscurity I meant that when you have insecure find invocation (subject to quickly changing symbolic links in your home directory, for example), exploiting it requires timing. Feasible if you can know exactly when find is started and what it invokes, if at all... Unrealistic if you do not even see it.
Quote: Originally Posted by Simon Bridge
The privacy aspect is still there - who cares that a user has vi running when you cannot tell what is being edited?
If I run shell scripts to process files, you have a good chance to guess what I am doing (from file names, at least, if not from data passed through command-line).
Quote: Originally Posted by Simon Bridge
The actual writing is still private (except to folk actually in the same room and looking over the user's shoulder... in the end, privacy is a gentleman's agreement. When privacy is enforced with security, it risks becoming a competition -- a challenge.
Quote: Originally Posted by Simon Bridge
rotfl
About restricting root logins? Why? If you have a server which has to be protected even from insider attacks (and data loss costs more than a data leak, which costs more than a temporary outage), it is possible to have three administrators ensure that the system is secure, then have them ensure that the only way to log in with some rights (including root login) is through a PAM-handled card reader, and that the only two copies of the keys are freshly generated and reside on these SD cards. Now security forces come, take these SD cards, and in the presence of all three administrators the most powerful SD cards are locked in a special safe that cannot be opened without the consent of a top executive. To begin with, it is in his room. Companies have already learned to secure high executives' safes. Why three administrators? Because bribing all three system administrators at the exact time is harder than bribing one at any time while he is system administrator. Now what you get is that some people who need to have access to half of the data stored on the server will not even know what processes are run by people who have rights to access the other half. When it is about financial stuff, it can make sense regardless of costs...
01-11-2007, 02:46 PM, #18
LQ Guru, Registered: Oct 2003, Location: Waiheke NZ, Distribution: Ubuntu, Posts: 9,211
Quote:
it is possible to make three administrators to ensure that system is secure
... sure it's "possible" - it may even happen. It's just that the way you talked about it before was dripping with irony.
Quote:
it can make sense regardless of costs...
I know trading banks that do not do this because it is "too inconvenient". I've seen insurance companies where the server room is locked, but the sysadmin has a terminal for it open on his desk from the time he gets to work... just sitting there... often unattended...
The scenario you describe sounds like the kind of security given to a nuclear arsenal.
... anyway: this brings us back to "why". The "why" question hasn't been answered by OP - you think maybe OP is a top level executive in a financial institution?
Quote: Originally Posted by unSpawn
Simplest way to "hide" in a legitimate way isn't hiding: it's a form of separation and the GRSecurity kernel patch can supply that (and much more).
... i.e. a specially set up system. But good information anyway.
01-11-2007, 03:01 PM, #19
Senior Member, Registered: Sep 2005, Location: France, Distribution: approximately NixOS (http://nixos.org), Posts: 1,900
Quote:
just sitting there... often unattended...
Sometimes a school does minimum security better than a bank. Maybe because a bank cannot think about the worst before it happens, and does not know about it after, while in school you'll always get a nice new boot message once you leave a root terminal unattended.
Quote:
you think maybe OP is a top level executive in a financial institution?
No. In his case it is at most a privacy concern and root should simply be trusted. But in general, when we say 'separate users better', it can also be for security. I guess financial is not needed - I think it is not easy to steal too much data on any big company's upcoming new striking product if you work in another research team. If you work on it - sigh...
01-11-2007, 08:06 PM, #20
Moderator, Registered: May 2001, Posts: 29,415
Quote:
... i.e. a specially set up system.
Did the OP post that as a requirement? Or does this come from someone who posts "fixes" like "chmod o-x /bin/ps"?
01-12-2007, 07:00 AM, #21
LQ Guru, Registered: Oct 2003, Location: Waiheke NZ, Distribution: Ubuntu, Posts: 9,211
unSpawn: heh heh heh - I don't believe that advanced setup was ruled out. Please do not take that comment as a criticism. And I do not view that (chmod thing) as a "fix" - I view that as "damage": it just happens to address the specific example - I was hoping it would sound flip.
I think the consensus is: "it's possible but elaborate".
One can use security tricks, or be on an especially installed system, or remove the computer from the network.
The details depend on exactly what one hopes to achieve.
If one would like to configure a network so as to hide processes - then we have our solution. If one wants to hide one's own processes on an arbitrary network - it gets tricky.
Early on I asked for specifics - this is what I meant.
I've also been wondering (on the record) "why" anyone would want to do this. Some speculation has been forthcoming... for which I thank the participants.
Hopefully this thread will be more educational to others stumbling across it than a simple answer would be.
raskin: The way I understood it, the bank had tighter security, but found this made day-to-day administration annoying. The relaxed security was a deliberate decision rather than one based on ignorance.
I don't use internet banking in NZ because basic security steps (like long passwords - one-time passwords etc) are not used. (Though, in this case, customers don't like them...)
01-12-2007, 01:17 PM, #22
Moderator, Registered: Mar 2003, Location: Scotland, Distribution: Slackware, RedHat, Debian, Posts: 12,047
Moved: This thread is more suitable in Security and has been moved accordingly to help your thread/question get the exposure it deserves.
01-12-2007, 03:17 PM, #23
Senior Member, Registered: Sep 2005, Location: France, Distribution: approximately NixOS (http://nixos.org), Posts: 1,900
Quote:
The way I understood it, the bank had tighter security, but found this made day-to-day administration annoying. The relaxed security was a deliberate decision rather than one based on ignorance.
Surely they know the rules, but you can never know how much it costs to violate the rules... If you are lucky, it costs nothing.
01-14-2007, 06:49 AM, #24
Member, Registered: Nov 2001, Location: Sweden, Distribution: GNU/Linux since -97, Posts: 149
LIDS also provides functions that can hide a process.
Last edited by FredrikN; 01-14-2007 at 07:09 AM.
Reason: //Removed some advice not in line with what LQ stands for.
01-14-2007, 07:04 AM, #25
Moderator, Registered: May 2001, Posts: 29,415
@Simon Bridge: well, I guess that's what I get for not being blunt. What I tried to hint at (being a moderator and all that) is that you basically went and hijacked the thread from the OP and that, if you show to have a limited amount of practical knowledge managing systems (with all due respect), maybe you should not try to categorise other people's answers if you can't assess them properly because "I think the consensus is: "it's possible but elaborate"." clearly is wrong. Anyone (even you ;-p) can set up a GRSecurity-enabled system *without* need for RBAC and *still* containing the separation fixes. (With Gentoo you can for instance since they carry grsec-enabled kernels. Nothing about "trickery" or being elaborate there.) And there you have it...
Last edited by unSpawn; 01-14-2007 at 08:05 AM.
Reason: //be specific, add reply-to
All times are GMT -5.