FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-07-2008, 12:21 PM
Erek Dyskant
 
Default Hardening CentOS by removing "hacker" tools

> Not if /home and /tmp and /var/tmp are mounted with noexec,nodev,nosuid,...

Actually, wrong.

/lib/ld-2.5.so ~/bin/wget


--Erek

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-07-2008, 01:11 PM
Ralph Angenendt
 
Default Hardening CentOS by removing "hacker" tools

Erek Dyskant wrote:
>
> > Not if /home and /tmp and /var/tmp are mounted with noexec,nodev,nosuid,...
>
> Actually, wrong.
>
> /lib/ld-2.5.so ~/bin/wget

Actually, wrong:

[angenenr@shutdown ~]$bin/true ; echo $?
0
[angenenr@shutdown ~]$/lib64/ld-2.5.so bin/true; echo $?
0
[angenenr@shutdown ~]$sudo mount -o remount,noexec /home
[angenenr@shutdown ~]$bin/true ; echo $?
-bash: bin/true: Permission denied
126
[angenenr@shutdown ~]$/lib64/ld-2.5.so bin/true; echo $?
bin/true: error while loading shared libraries: bin/true: failed to map
segment from shared object: Operation not permitted
127
[angenenr@shutdown ~]$

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-09-2008, 12:59 PM
Ray Leventhal
 
Default Hardening CentOS by removing "hacker" tools

Filipe Brandenburger wrote:

On Fri, Jun 6, 2008 at 10:09 PM, Jim Wildman <jim@rossberry.com> wrote:


Better, google for "tiny centos" and build a new box with the minimum on it.



Hmmm, that looks exactly like what I'm looking for! I'm actually
trying to find someone who has already done the tough work and could
give me some tips on what to expect on that path. I'll see what Google
has to offer and if I find something useful I'll post it here.

Thanks!
Filipe
_______________________________________________

Applying apf (http://rfxnetworks.com/apf.php) as a front end for
iptables enables a sweet setup for RAB (Reactive Address Blocking).
I liked it a lot starting back when I was using FC1...I know the
project is still around and I have it running on my CentOS5.1 box as
well. There's no rpm of which I'm aware, but it's a simple install.
Makes iptables very easy to manage.


YMMV,
-R
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 09:44 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org