Monthly archive: July 2004

Restricting system calls with systrace (BSD)

Keep your programs from performing tasks they weren’t meant to do. One of the more exciting new features in NetBSD and OpenBSD is systrace, a system call access manager. With systrace, a system administrator can specify which programs can make … Read the rest

Posted in FreeBSD, Knowledge Base, Old Base

Restrict apps with grsecurity

To restrict specific applications, you will need to make use of the gradm utility, which can be downloaded from the main grsecurity site (http://www.grsecurity.net). You can compile and install it in the usual way: unpack the source distribution, change into … Read the rest

Posted in Knowledge Base, Linux, Old Base

Lock down your kernel with grsecurity

Harden your system against attacks with the grsecurity kernel patch. Hardening a Unix system can be a difficult process. It typically involves setting up all the services that the system will run in the most secure fashion possible, as well … Read the rest

Posted in Knowledge Base, Linux, Old Base

Make compilers extinguish buffer overflows (or something)

In C and C++, memory for local variables is allocated in a chunk of memory called the stack. Information pertaining to the control flow of a program is also maintained on the stack. If an array is allocated on the … Read the rest

Posted in Knowledge Base, Old Base

MySQL authentication for proftpd

Make sure that your database system’s OS is running as efficiently as possible with these tweaks. proftpd is a powerful FTP daemon with a configuration syntax much like Apache. It has a whole slew of options not available in most … Read the rest

Posted in Knowledge Base, Old Base

Chrooting / jailing application

Mitigate system damage by keeping service compromises contained. Sometimes keeping up with the latest patches just isn’t enough to prevent a break-in. Often, a new exploit will circulate in private circles long before an official advisory is issued, during which … Read the rest

Posted in Knowledge Base, Old Base

automatic signature verification

Use scripting and key servers to automate the chore of checking software authenticity. One of the most important things you can do for the security of your system is to be familiar with the software you are installing. You probably … Read the rest

Posted in Knowledge Base, Old Base

check for listening services

Find out whether unneeded services are listening and looking for possible backdoors. One of the first things that should be done after a fresh operating system install is to see what services are running, and remove any unneeded services from … Read the rest

Posted in Knowledge Base, Old Base

Sudo crash course

The sudo utility can help you delegate some system responsibilities to other people, without giving away full root access. It is a setuid root binary that executes commands on an authorized user’s behalf, after she has entered her current password. … Read the rest

Posted in Knowledge Base, Old Base

Append-only logfiles FreeBSD/Linux

Use file attributes to prevent intruders from removing traces of their break-in. In the course of an intrusion, an attacker will more than likely leave telltale signs of his actions in various system logs. This is a valuable audit trail … Read the rest

Posted in FreeBSD, Knowledge Base, Linux, Old Base