[Prev][Next][Index][Thread]
Linux & security .
Eddie Harari writes:
> Hello ,
>
> I would like to know if any of you people , is well known with
> linux security issues, what i mean , is can I trust INSIDE users
> from not breaking in and gain root passwd ?
>
> the reason I am asking this question is , I am well aware of
> general unix security holes which can be explioted out of suid
> and sgid programs and scripts. some of this bugs\hacks will
> effect any linux system .
>
> who is dealing with this things and how ???
No one is personally responsible for linux security, but many are
doing their part.
The standard unix sources/techniques are important. These include:
-The standard security agencies, such as CERT, bugtraq, etc.
-There are all the standard unix security tools, such as cops,
tripwire, etc.
-All the usual things that system administrators should check
and deal with, such as getting rid of all suid and sgid files that
can possibly be parted with, making sure system directories aren't
user writable, keeping a careful eye on all log files, cheking for
suid and sgid files in weird places, such as home directories &
/tmp, etc.
The linux specific sources include:
-The people who build distributions try to incorporate security
hole
fixes (Redhat comes to mind - they're fairly prompt in putting new
rpm files into the update directory of their file server).
-The linux-security mailing lists
(linux-security-digest@tarsier.cv.nrao.edu, for example).
-The linux-gcc and linux-kernel mailing lists (which occasionally
note security problems).
Good luck,
--
Dr. Harvey J. Stein
Berger Financial Research
abel@netvision.net.il
References: