File:  [LON-CAPA] / doc / Attic / security.txt
Revision 1.1.1.1 (vendor branch)
Tue Nov 16 17:36:55 1999 UTC (24 years, 5 months ago) by albertel
Branches: foo
CVS tags: version_0_4, stable_2002_spring, stable_2002_july, stable_2002_april, stable_2001_fall, bar, STABLE


at some point must update redhat kernel to prevent
remote users from crashing machine!
something convenient for exam-anxious students

/usr/share/config/kcmlocalerc saved as /usr/share/config/kcmlocalerc.rpmsave
/etc/X11/xdm/Xsetup_0 saved as /etc/X11/xdm/Xsetup_0.rpmsave
up to date patches

/etc/hosts.allow
/etc/hosts.deny

nmap
iptraf
tcpdump
ntop

http://ncb.intnet.mu/security/news03.htm

* tripwire like md5sum on any subdirectory recursively
  without following softlinks

logs
/var/lib/rpm/

World-writable files, particularly system files, can be a security
hole if a cracker gains access to your system and modifies them.
Additionally, world-writable directories are dangerous, since they
allow a cracker to add or delete files as he wishes.  To locate all
world-writable files on your system, use the following command:

    root# find / -perm -2 ! -type l -ls

9.3.  Backup Your RPM or Debian File Database

  In the event of an intrusion, you can use your RPM database like you
  would use tripwire, but only if you can be sure it too hasn't been
  modified.  You should copy the RPM database to a floppy, and keep this
  copy off-line at all times. The Debian distribution likely has
  something similar.

  The files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm
  most likely won't fit on a single floppy.  But if compressed, each
  should fit on a separate floppy.

  Now, when your system is compromised, you can use the command:

    root# rpm -Va

  to verify each file on the system.  See the rpm man page, as there are
  a few other options that can be included to make it less verbose.
  Keep in mind you must also be sure your RPM binary has not been
  compromised.

  This means that every time a new RPM is added to the system, the RPM
  database will need to be rearchived.  You will have to decide the
  advantages versus drawbacks.

Internal integrity system

duplicate static logs
like packages.rpm etc that should never change
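
One way to build the tripwire-like recursive checksum and the internal integrity check noted above (added example, not LON-CAPA code): a manifest of file hashes that never follows softlinks, compared against a baseline kept off-line. It uses sha256sum in place of md5sum; the function names snapshot, verify and demo and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not LON-CAPA code. Function names and the manifest layout
# ("<sha256>  <path>", as printed by sha256sum) are assumptions.

# snapshot DIR: hash every regular file under DIR, sorted by path.
# find does not follow symbolic links unless given -L, and -type f skips
# the links themselves, so a link out of DIR cannot pull other trees in.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# verify BASELINE DIR: compare DIR with a stored manifest. Prints one
# ADDED/CHANGED/REMOVED line per difference; returns 0 only if there are none.
# Paths start at column 67 (64 hex digits + 2 spaces), so spaces in names work;
# names with newlines or backslashes (escaped by sha256sum) are not handled.
verify() {
    report=$(snapshot "$2" | awk -v base="$1" '
        BEGIN { while ((getline line < base) > 0)
                    old[substr(line, 67)] = substr(line, 1, 64) }
        { path = substr($0, 67); sum = substr($0, 1, 64)
          if (!(path in old))        print "ADDED   " path
          else if (old[path] != sum) print "CHANGED " path
          delete old[path] }
        END { for (p in old) print "REMOVED " p }' | LC_ALL=C sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree, tampered with after the baseline is taken.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/tree/etc" "$t/outside"
    echo "ALL: ALL" > "$t/tree/etc/hosts.deny"
    echo "static"   > "$t/tree/etc/packages copy"
    echo "secret"   > "$t/outside/data"
    ln -s "$t/outside" "$t/tree/link"        # softlink: must not be followed
    snapshot "$t/tree" > "$t/baseline"       # a real baseline is kept off-line
    echo "ALL: 10.0.0.1" >> "$t/tree/etc/hosts.deny"   # simulated tampering
    rm "$t/tree/etc/packages copy"
    echo "x" > "$t/tree/etc/new.sh"
    rc=0; verify "$t/baseline" "$t/tree" || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo || echo "differences found against baseline" >&2
```

As with the RPM database copy, the baseline is only trustworthy if it and the sha256sum binary are read from media the system cannot write to.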

what to do in case of a security breach
send e-mail to korte@lite.msu.edu for now
maybe help@lite.msu.edu?

display warning message to all instructors
with limited information about nature
of security breach
