Full Disclosure mailing list archives
a secure base system
From: harry <Rik.Bobbaers () cc kuleuven ac be>
Date: Mon, 15 Mar 2004 12:37:13 +0100
hi all,i have a little question. i'm asked to set up a base system, which has to be secure. we want a system from which we can easily install a compromised system. so i had a few ideas to make it as secure and yet as usable as possible:
- use debian testing (stable is too old, unstable is ... well... you know ;))
- /var and /tmp mounted nosuid and noexec - grsec kernel - use lvm (so you don't need to worry about the sizes af the partitions) - remote logging to our logging server - all this in hardware raid 1 for easy transfer to other systems- iptables with all connections refused (you need physical access to do something)
- maybe allow ssh (no root logins)?==> is this ok, too paranoia or is there somenting i'm missing, and cound it be even more safe?
how about a compiler? normally, all soft on it is compiled by hand, but it is also "necessary" for a local exploit.
any ideas? remarks? tnx in advance -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org "Work hard and do your best, it'll make it easier for the rest" -- Garfield _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- a secure base system harry (Mar 15)
- Re: a secure base system Jochem Kossen (Mar 15)
- Re: a secure base system Ron DuFresne (Mar 15)
- Re: a secure base system Maikel Verheijen (Mar 15)
- Re: a secure base system Fabrice MARIE (Mar 15)
- RE : a secure base system -> ADAMANTIX Abdelkader ALLAM (Mar 15)
- Re: a secure base system martin f krafft (Mar 15)
- Re: Re: a secure base system Tobias Weisserth (Mar 15)
- Re: Re: a secure base system martin f krafft (Mar 15)
- Re: Re: Re: a secure base system Tobias Weisserth (Mar 15)
- Re: Re: Re: a secure base system martin f krafft (Mar 15)
- RE : a secure base system -> ADAMANTIX Abdelkader ALLAM (Mar 15)
- Re: a secure base system Jochem Kossen (Mar 15)