Firewall Wizards mailing list archives
RE: Securing a Linux Firewall
From: Roger Marquis <marquis () roble com>
Date: Tue, 23 Jul 2002 15:49:19 -0700 (PDT)
> I've had to maintain "jumpstart"-like images for secure servers. Maintaining a "known-good" list for privileged binaries is relatively straightforward. Maintaining a "known-good" list of _all_ binaries is a nightmare. I further assert that maintaining a "known-bad" list is a lost cause.
I agree. It's really a matter of cost vs. benefit. If you kept track of all the binaries that a Unix server doesn't need, you wouldn't have time to read firewall-wizards, much less securityfocus, CERT, and all the other information sources required to keep current. Deleting unused binaries on non-shell servers has a negligible effect on the risk. De-suid sure, delete known-vulnerable binaries sure, but much beyond that is a waste of time. It's already hard enough to secure Unix, much less Linux or Windows. My cheat sheet is already over 850 lines long (some of which can be found at <http://www.roble.com/docs/secure_solaris.html>). These are all substantive hardening measures. Adding marginal stuff like 'rm /bin/rcp' would only skew the signal-to-noise ratio in the wrong direction.

IMHO

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
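The exchange above settles on two practical measures: keep a known-good list of the privileged (setuid/setgid) binaries, and de-suid whatever that list does not vouch for. Below is an added example of that check as a POSIX shell script. It is not from the original post, from the quoted poster, or from the roble.com cheat sheet; it assumes GNU coreutils (sha256sum, stat -c) and GNU/Linux find, and it builds its own throwaway directory tree as constructed sample input so it runs without touching a real system.

```shell
#!/bin/sh
# Added example (not from the original post): inventory setuid/setgid
# binaries, diff the result against a known-good baseline, and strip the
# privilege bit from anything the baseline does not list.
# Assumes GNU coreutils (sha256sum, stat -c) and GNU/Linux find.

# Emit one tab-separated "sha256<TAB>mode<TAB>path" line per setuid/setgid
# regular file under the given roots, sorted so the output is diff-stable.
inventory_privileged() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort |
        while IFS= read -r f; do
            sum=$(sha256sum "$f" | cut -d' ' -f1)
            mode=$(stat -c '%a' "$f")
            printf '%s\t%s\t%s\n' "$sum" "$mode" "$f"
        done
}

# Compare a baseline inventory ($1) with a current one ($2). Reports:
#   NEW <path>      privileged file that is not on the known-good list
#   CHANGED <path>  on the list, but its content hash or mode differs
#   MISSING <path>  on the list, but no longer privileged (or gone)
compare_baseline() {
    awk -F'\t' '
        FILENAME == ARGV[1] { base[$3] = $1 " " $2; next }
        {
            if (!($3 in base))               print "NEW " $3
            else if (base[$3] != $1 " " $2)  print "CHANGED " $3
            seen[$3] = 1
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Read a compare_baseline report on stdin and clear setuid/setgid on every
# NEW entry: a privileged file nobody signed off on loses the bit.
desuid_new() {
    while IFS= read -r line; do
        case $line in
            "NEW "*)
                p=${line#NEW }
                chmod u-s,g-s "$p" && printf 'de-suid %s\n' "$p"
                ;;
        esac
    done
}

# Constructed sample tree (not a real system): take a baseline, simulate
# drift, report, remediate, and report again, all in a temp directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/usr/bin"
    printf 'su\n'     > "$tmp/bin/su";         chmod 4755 "$tmp/bin/su"
    printf 'passwd\n' > "$tmp/usr/bin/passwd"; chmod 4755 "$tmp/usr/bin/passwd"
    printf 'ls\n'     > "$tmp/bin/ls";         chmod 755  "$tmp/bin/ls"  # unprivileged, ignored
    inventory_privileged "$tmp" > "$tmp/baseline"

    # Drift: an unexpected setuid rcp appears and passwd is replaced.
    # The Linux kernel clears setuid when an unprivileged user writes the
    # file, so re-apply it to mimic a root-level replacement that keeps the bit.
    printf 'rcp\n'    > "$tmp/usr/bin/rcp";    chmod 4755 "$tmp/usr/bin/rcp"
    printf 'trojan\n' > "$tmp/usr/bin/passwd"; chmod 4755 "$tmp/usr/bin/passwd"
    inventory_privileged "$tmp" > "$tmp/current"

    report=$(compare_baseline "$tmp/baseline" "$tmp/current")
    printf '%s\n' "$report"

    # Remediate NEW entries and re-check: rcp drops out of the privileged
    # set, while the replaced passwd still needs a human decision.
    printf '%s\n' "$report" | desuid_new
    inventory_privileged "$tmp" > "$tmp/current"
    printf -- '--- after de-suid ---\n'
    compare_baseline "$tmp/baseline" "$tmp/current"
    rm -rf "$tmp"
}

demo
```

On a real host you would run `inventory_privileged / > baseline` once on a freshly built image, keep the baseline off-box (or signed), and run the compare from cron; the hash column is what turns "same filename, same mode" into "same binary", which a plain `find -perm` listing cannot tell you. The paths are tab-separated so that names with spaces survive the awk join.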
Current thread:
- Re: Securing a Linux Firewall, (continued)
- Re: Securing a Linux Firewall BORBELY Zoltan (Jul 24)
- RE: Securing a Linux Firewall Bill Royds (Jul 24)
- Re: Securing a Linux Firewall Kyle R. Hofmann (Jul 24)
- Re: Securing a Linux Firewall Stephen P. Berry (Jul 26)
- Re: Securing a Linux Firewall R. DuFresne (Jul 26)
- Re: Securing a Linux Firewall Gwendolynn ferch Elydyr (Jul 24)
- Re: Securing a Linux Firewall Stephen P. Berry (Jul 25)
- Re: Securing a Linux Firewall Gwendolynn ferch Elydyr (Jul 25)
- RE: Securing a Linux Firewall David Lang (Jul 24)