[ale] Help with server setup
Jim Kinney
jim.kinney at gmail.com
Tue Sep 15 16:47:20 EDT 2009
There's all kinds of hardening that can be done. Disable root login,
remove mount command, make the entire / directory read only. You have
to balance security locks vs. usability.
On Tue, Sep 15, 2009 at 4:30 PM, Ed Cashin <ecashin at noserose.net> wrote:
> On Tue, Sep 15, 2009 at 4:22 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>> you remove the chattr command from /sbin once you are done marking
>> your system all read-only just before the reboot.
>
> Hmm. I might be missing the point. It seems like root could just
> mount a tmpfs and build a new chattr in there---Removing chattr
> seems more like an inconvenience to a would-be attacker than a
> real preventative measure.
>
> --
> Ed Cashin <ecashin at noserose.net>
> http://noserose.net/e/
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
--
--
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
More information about the Ale
mailing list