Annotation of doc/security.txt, revision 1.1.1.1
1.1 albertel 1: at some point must update redhat kernel to prevent
2: remote users from crashing machine!
3: something convenient for exam-anxious students
4:
5: /usr/share/config/kcmlocalerc saved as /usr/share/config/kcmlocalerc.rpmsave
6: /etc/X11/xdm/Xsetup_0 saved as /etc/X11/xdm/Xsetup_0.rpmsave
7: up to date patches
8:
9:
10:
11: /etc/hosts.allow
12: /etc/hosts.deny
13:
14: nmap
15: iptraf
16: tcpdump
17: ntop
18:
19: http://ncb.intnet.mu/security/news03.htm
20:
21: * tripwire like md5sum on any subdirectory recursively
22: without following softlinks
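One way to do the tripwire-like check noted above, as an added example that is not part of the original file: build a hash manifest of a subdirectory without following symlinks, then compare it against a baseline kept off-line. The function names and manifest layout are assumptions of this sketch, and sha256sum stands in for the md5sum the note names.

```sh
#!/bin/sh
# Added example, not part of doc/security.txt. Function names and the
# manifest layout ("<hash>  <path>") are assumptions of this sketch.

# make_manifest DIR: one line per regular file and per symlink under DIR.
# find's default (-P) never follows symlinks, so a link pointing outside DIR
# is not descended into. The link's target string is hashed instead and
# tagged "L:", so retargeting a link shows up as a change.
make_manifest() {
    (
        cd "$1" || exit 1
        find . -type f -exec sha256sum {} +
        find . -type l -exec sh -c 'for l; do
            printf "L:%s  %s\n" "$(readlink "$l" | sha256sum | cut -d" " -f1)" "$l"
        done' sh {} +
    ) | LC_ALL=C sort -k 2
}

# compare_manifest BASELINE CURRENT: print ADDED / CHANGED / REMOVED paths.
# BASELINE should come from read-only or off-line media, as the notes say
# for the RPM database copy.
compare_manifest() {
    awk '
        { h = $1; sub(/^[^ ]+  /, "") }          # h = hash, $0 = path
        n == 1 { old[$0] = h; next }             # first file: remember baseline
        !($0 in old)  { print "ADDED   " $0; next }
        old[$0] != h  { print "CHANGED " $0 }
        { delete old[$0] }                       # seen, so not removed
        END { for (p in old) print "REMOVED " p }
    ' n=1 "$1" n=2 "$2" | LC_ALL=C sort
}

# Typical use (paths are placeholders):
#   make_manifest /etc > /mnt/floppy/etc.manifest   # once, on a clean system
#   make_manifest /etc > /tmp/etc.now
#   compare_manifest /mnt/floppy/etc.manifest /tmp/etc.now
```

The comparison is only as trustworthy as the baseline and the sha256sum, find and awk binaries used to run it, the same caveat the notes give for the RPM binary.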
23:
24: logs
25: /var/lib/rpm/
26:
27:
28: World-writable files, particularly system files, can be a security
29: hole if a cracker gains access to your system and modifies them.
30: Additionally, world-writable directories are dangerous, since they
31: allow a cracker to add or delete files as he wishes. To locate all
32: world-writable files on your system, use the following command:
33:
34:
35:
36: root# find / -perm -2 ! -type l -ls
37:
38:
39:
40:
41: 9.3. Backup Your RPM or Debian File Database
42:
43: In the event of an intrusion, you can use your RPM database like you
44: would use tripwire, but only if you can be sure it too hasn't been
45: modified. You should copy the RPM database to a floppy, and keep this
46: copy off-line at all times. The Debian distribution likely has
47: something similar.
48:
49: The files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm
50: most likely won't fit on a single floppy. But if compressed, each
51: should fit on a separate floppy.
52:
53: Now, when your system is compromised, you can use the command:
54:
55:
56:
57: root# rpm -Va
58:
59:
60:
61:
62: to verify each file on the system. See the rpm man page, as there are
63: a few other options that can be included to make it less verbose.
64: Keep in mind you must also be sure your RPM binary has not been
65: compromised.
66:
67: This means that every time a new RPM is added to the system, the RPM
68: database will need to be rearchived. You will have to decide the
69: advantages versus drawbacks.
70:
71:
72:
73:
74: Internal integrity system
75:
76: duplicate static logs
77: like packages.rpm etc that should never change
78:
79:
80:
81: what to do in case of a security breach
82: send e-mail to korte@lite.msu.edu for now
83: maybe help@lite.msu.edu?
84:
85: display warning message to all instructors
86: with limited information about nature
87: of security breach
88: