Annotation of doc/security.txt, revision 1.1
1.1 ! albertel 1: at some point must update redhat kernel to prevent
! 2: remote users from crashing machine!
! 3: something convenient for exam-anxious students
! 4:
! 5: /usr/share/config/kcmlocalerc saved as /usr/share/config/kcmlocalerc.rpmsave
! 6: /etc/X11/xdm/Xsetup_0 saved as /etc/X11/xdm/Xsetup_0.rpmsave
! 7: up to date patches
! 8:
! 9:
! 10:
! 11: /etc/hosts.allow
! 12: /etc/hosts.deny
! 13:
! 14: nmap
! 15: iptraf
! 16: tcpdump
! 17: ntop
! 18:
! 19: http://ncb.intnet.mu/security/news03.htm
! 20:
! 21: * tripwire like md5sum on any subdirectory recursively
! 22: without following softlinks
! 23:
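The tripwire-like checksum in the note above, as an added example (not part of doc/security.txt or the project's own code): it builds a manifest of a directory tree without following symlinks and reports what was added, changed or removed since a stored baseline. The names `make_manifest`, `check_manifest` and `HASH` are assumptions of this example, and it defaults to sha256sum rather than the md5sum named in the note.

```shell
#!/bin/sh
# Added example, not part of doc/security.txt. Assumes GNU coreutils and file
# names without newlines. HASH=md5sum matches the note literally; the default
# is sha256sum because MD5 collisions can be forged.
HASH="${HASH:-sha256sum}"

# make_manifest DIR: print "<digest>  <path>" for each regular file and
# "link:<digest of target>  <path>" for each symlink, sorted by path.
# find does not follow symlinks unless given -L, so a link is recorded as a
# link and whatever it points to is never hashed.
make_manifest() (
    cd "$1" || exit 1
    {
        find . -type f -exec "$HASH" {} +
        find . -type l | while IFS= read -r link; do
            printf 'link:%s  %s\n' \
                "$(readlink "$link" | "$HASH" | cut -d' ' -f1)" "$link"
        done
    } | LC_ALL=C sort -k2
)

# check_manifest BASELINE DIR: compare DIR with a stored manifest, print one
# line per difference, return 0 if nothing differs and 1 otherwise.
check_manifest() {
    make_manifest "$2" | awk -v base="$1" '
        function path(line) { return substr(line, index(line, "  ") + 2) }
        BEGIN {
            while ((getline line < base) > 0) {
                split(line, f, " ")
                old[path(line)] = f[1]
            }
        }
        {
            p = path($0)
            if (!(p in old))       { print "ADDED   " p; bad = 1 }
            else if (old[p] != $1) { print "CHANGED " p; bad = 1 }
            delete old[p]
        }
        END {
            for (p in old) { print "REMOVED " p; bad = 1 }
            exit bad + 0
        }'
}
```

Keep the baseline manifest off the machine, for the same reason the notes below keep the RPM database copy off-line: a baseline an intruder can rewrite verifies nothing.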
! 24: logs
! 25: /var/lib/rpm/
! 26:
! 27:
! 28: World-writable files, particularly system files, can be a security
! 29: hole if a cracker gains access to your system and modifies them.
! 30: Additionally, world-writable directories are dangerous, since they
! 31: allow a cracker to add or delete files as he wishes. To locate all
! 32: world-writable files on your system, use the following command:
! 33:
! 34:
! 35:
! 36: root# find / -perm -2 ! -type l -ls
! 37:
! 38:
! 39:
! 40:
! 41: 9.3. Backup Your RPM or Debian File Database
! 42:
! 43: In the event of an intrusion, you can use your RPM database like you
! 44: would use tripwire, but only if you can be sure it too hasn't been
! 45: modified. You should copy the RPM database to a floppy, and keep this
! 46: copy off-line at all times. The Debian distribution likely has
! 47: something similar.
! 48:
! 49: The files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm
! 50: most likely won't fit on a single floppy. But if compressed, each
! 51: should fit on a separate floppy.
! 52:
! 53: Now, when your system is compromised, you can use the command:
! 54:
! 55:
! 56:
! 57: root# rpm -Va
! 58:
! 59:
! 60:
! 61:
! 62: to verify each file on the system. See the rpm man page, as there are
! 63: a few other options that can be included to make it less verbose.
! 64: Keep in mind you must also be sure your RPM binary has not been
! 65: compromised.
! 66:
! 67: This means that every time a new RPM is added to the system, the RPM
! 68: database will need to be rearchived. You will have to decide the
! 69: advantages versus drawbacks.
! 70:
! 71:
! 72:
! 73:
! 74: Internal integrity system
! 75:
! 76: duplicate static logs
! 77: like packages.rpm etc that should never change
! 78:
! 79:
! 80:
! 81: what to do in case of a security breach
! 82: send e-mail to korte@lite.msu.edu for now
! 83: maybe help@lite.msu.edu?
! 84:
! 85: display warning message to all instructors
! 86: with limited information about nature
! 87: of security breach
! 88: