stripping secure servers (was Re: releases and stuff)
bet at rahul.net
Mon Nov 15 14:06:54 PST 2004
> Yeah, I was with you all the way until you mentioned not even
> having a shell. That's where I usually stop.
And most everybody else.
Doing without the whole init script structure, especially the pile
of voodoo (and other sorts of stuff, much of it fertile) that's the
network startup scripts, tends to put many people off.
But just picture the frustration of a script kiddie who found your
server vulnerable to a zeroday in some daemon you're running, their
tramp catches the flying instruction pointer, rockets into their
'sploit code, forks, all cool, execs /bin/sh --- and nothing happens!
Sure, thee and me could bootstrap ourselves into such a system, but
it'd be so very frustrating to the stereotypical computer intruder.
I've yet to try and set up a complex server this way, just some very
simple ones --- pure http servers, dns servers, backup servers,
things like that. Start a few service daemons and an sshd that can't
do anything much interesting but update config files or content with
hardwired rsync configs (rsync cmdline in authorized_keys).
In some sense, since a sufficiently knowledgeable intruder could
crowbar their way in anyway, this can be accused of Security Through
Obscurity; but since the expertise gap between script kiddie and
Sufficiently Knowledgeable is pretty big, I like it anyway. And hey,
it makes me feel all macho:-).
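An added example, not part of the original post: one way to audit an authorized_keys file for the setup the message describes, where every key is pinned to a hardwired rsync command and cannot get a pty or forwarding. The sample file, key blobs, paths and rsync argument strings are constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # line starting with a key type has no options
# "restrict" (OpenSSH 7.2+) implies all of these, so it is accepted in their place.
REQUIRED = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?,?')

# Constructed sample; key blobs are placeholders and the rsync argument
# strings are illustrative (the real ones depend on the client's flags).
SAMPLE = '''\
# content push key: forced rsync receiver, no pty or forwarding
command="rsync --server -logDtpr . /srv/www/",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3PLACEHOLDER1 content@build
no-pty ssh-ed25519 AAAAC3PLACEHOLDER2 admin@laptop
ssh-rsa AAAAB3PLACEHOLDER3 old@host
command="rsync --server -logDtpr . /etc/named/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3PLACEHOLDER4 cfg@build
'''

def split_options(line):
    """Return (options, key part). Option names are lowercased (sshd treats
    them case-insensitively); quoted values may hold commas and spaces."""
    opts, i = {}, 0
    if line.startswith(KEY_TYPES):
        return opts, line
    while i < len(line) and line[i] != " ":
        m = OPTION.match(line, i)
        if not m:
            raise ValueError("unparseable options: " + line[:40])
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        i = m.end()
    return opts, line[i:].strip()

def audit(text):
    """List (line number, key comment, problem) for keys not locked to rsync."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, key = split_options(line)
        label = key.split()[-1]
        cmd = opts.get("command")
        if cmd is None:
            findings.append((lineno, label, "no forced command"))
        elif not cmd.startswith("rsync --server "):
            findings.append((lineno, label, "forced command is not rsync --server"))
        missing = [o for o in REQUIRED if o not in opts]
        if missing and "restrict" not in opts:
            findings.append((lineno, label, "missing " + ",".join(missing)))
    return findings
```

Running `audit(SAMPLE)` reports the two keys with no forced command and the one that can still request a pty.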