LinuxQuestions.org
Old 11-27-2001, 09:26 PM   #1
clmilton
LQ Newbie
 
Registered: Nov 2001
Location: Baltimore, MD
Distribution: Probably Mandrake
Posts: 2

Rep: Reputation: 0
Hiding SCSI drive


I don't think my new thread was accepted, so I repeat myself:
I propose to use the Romtec Trios Multi IDE Hard Drive Selector to permit me to boot from a Linux drive or a Windows drive. The drive not in use is disconnected. However, there is a SCSI RAID 5 set of drives connected all of the time. When I boot Linux, I do not want the SCSI drives to be accessible, so that if I goof, and if an intruder seizes control of my system he cannot get to them either. I plan to use the CD-RW drive when I need to move something from one system to the other. Is this plan feasible, and if so, for what must I watch out?
clmilton@charm.net
 
Old 11-28-2001, 02:26 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3598
I've done this with one box, but I haven't pentested it yet to see how hard it would be to regain full access. These three steps I took are purely defensive, and could/could not work for you.

To make it a little bit harder to see what's there you have to edit /etc/fstab and delete any corresponding drive entries.
Delete the corresponding SCSI drive devices in /proc. Then an intruder would need to make devices himself, for which root is necessary (mkdev).
Check if there's no automounter/autosetup kinda daemon running that'll detect/make hw changes.

As an active step to harden your box you could compile your kernel with the GRSecurity patch, which enhances the kernel with a lot of detection features, ACLs, restrictions and extended logging, and deploy Snort (+Aide/Tripwire/or Samhain) as a form of IDS/integrity detection to warn you of anomalies.

HTH somehow
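
A way to re-check the three steps from the reply above after each boot or package update, as an added example that is not part of the original post. It assumes SCSI disks show up as sd* nodes under /dev; the daemon name list, the function names and the fixture are illustrative and constructed for this example.

```shell
#!/bin/sh
# Added example: audit that the three hiding steps from the post still hold.
# Assumptions: SCSI disks appear as sd* nodes under /dev, and the daemon
# names below are an illustrative list to adjust for your distribution.

# Step 1: fstab entries whose device field is a SCSI disk.
fstab_scsi_entries() {
    awk '$1 !~ /^#/ && $1 ~ /^\/dev\/sd[a-z]/ { print $1 " on " $2 }' "$1"
}

# Step 2: sd* nodes still present in the device directory.
scsi_nodes_present() {
    for n in "$1"/sd[a-z]*; do
        if [ -e "$n" ]; then echo "$n"; fi
    done
}

# Step 3: automounter / hardware-detection daemons in a process-name list
# (one name per line, e.g. saved from `ps -e -o comm=`).
automounters_running() {
    grep -E -x 'automount|amd|kudzu|udisksd' "$1" || true
}

# Print every finding; return 0 only when all three checks are clean.
audit_hidden_scsi() {
    out=$(
        fstab_scsi_entries "$1" | sed 's/^/fstab entry: /'
        scsi_nodes_present "$2" | sed 's/^/device node: /'
        automounters_running "$3" | sed 's/^/daemon running: /'
    )
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input (not from the thread): a leftover fstab line,
# one leftover node, and an automounter in the process list.
make_fixture() {
    d=$(mktemp -d) && mkdir "$d/dev"
    printf '%s\n' '/dev/hda1 / ext2 defaults 1 1' \
        '# /dev/sda1 /old ext2 defaults 0 0' \
        '/dev/sdb1 /raid ext2 defaults 1 2' > "$d/fstab"
    : > "$d/dev/sdb1"; : > "$d/dev/hda1"
    printf '%s\n' init syslogd automount sshd > "$d/ps"
    echo "$d"
}
```

On a live system, save the process names with `ps -e -o comm= > ps.txt` and call `audit_hidden_scsi /etc/fstab /dev ps.txt`; entries that mount by LABEL= instead of a device path are not matched by the first check and need a manual look.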
 
Old 11-28-2001, 11:36 AM   #3
clmilton
LQ Newbie
 
Registered: Nov 2001
Location: Baltimore, MD
Distribution: Probably Mandrake
Posts: 2

Original Poster
Rep: Reputation: 0

Your thoughtful reply is greatly appreciated.
From reading other threads I see that it was no exception!
 
  

