List:       lids-user
Subject:    [lids] Some notes..
From:       "nickk" nickk
Date:       1999-10-25 4:52:51
Hi.
Lids works fine in my linux box, I only changed /etc/ids.conf
to /etc/security/ids.conf (I'm just used to keeping my /etc as
clean as possible). One question - is it necessary to
write out both
"Linux vfs security system starting
 Linux vfs security system started"
at boot? It's almost the same, really.. ;-) I believe that
one informative string would be more than enough,
something like 'VFS: security mode on'..
The second question is your thesis about achieving security
"...When someone breaks into your system and gets
ROOT privilege ..." Well, when someone gets root access
I suppose there's no protection - first thing that comes to
my mind is rather simple: (protecting /etc/lilo.conf is really
fun..) just to run 'lilo -C another_conf_file' and specify in that
file 'security=0' as kernel params and then reboot machine.
In that case the only decision is to write-protect MBR either
via BIOS or by adding new feature, i.e. ability to protect
some bytes/blocks on block device (/dev/hda[1-512]) or smth..
Protecting device files in current version means just
protecting files, not devices - is it what it should be? There must
be a way to protect the whole (or part of) device from writing.

Some words about extended attributes - it's still possible to
change all of them including compression in security mode.
The only harm I can imagine is setting
'chattr -R -m bzip2 +c' for entire filesystem to slow down a
system ;-), but I think lids should preserve ext. attributes
too.

And final thing - I've tried to create hardlinks to protected
files and failed, is it OK?

Thanks!

-- 
Nick.