Re: Web server security?

[Steffen Kluge <kluge () fujitsu com au>]

On Wed, 2004-06-23 at 01:32, Paul D. Robertson wrote:
> And the whole hook design is broken, because all kernel data gets exposed
> to any module that likes to register - what an invitation to root kit
> authors.

That's an interesting point, in fact, I've always advocated (and
practised) the use of kernels without loadable module support for
Internet exposed machines. Loadable kernel modules are simply too nice a
playground for attackers and a deluxe and simple way of installing
backdoors (at least on non-capability enables systems)

I haven't looked into grsecurity closely enough to have an opinion, so
far I've been using Solar Designer's (OpenWall) patches.

Finally, I'm a satisfied user of the BastilleLinux scripts that among
other things remove a lot of setuid madness and also remove execute
permissions for non-privileged users from a lot of utilities - reliably,
reproducibly and all in one fell swoop. After all, an Internet server is
not a development platform or workstation...

Since mjr's recommended approach to building secure servers (starting
from nil and adding only what one really needs) doesn't scale too well
for me, and my time/resource constraints dictate that I re-use what
other people have packaged and will update/support, I usually start with
off-the-shelf systems and customise and strip them down as good as I
can.

Cheers
Steffen.

Attachment: signature.asc
Description: This is a digitally signed message part