On Tue, 1 Jul 2003 12:07, Jason Lim wrote:
> > Mount /tmp with noexec
> > Run a hardened kernel like NSA or Grsecurity.
> > etc.
>
> What would the advantage of mounting /tmp with noexec be??

If you have /tmp, /var/tmp, /home, and any other place the user can possibly write to be noexec then it is more difficult for them to increase their access. It won't stop them, but it will make things more difficult.

> Definitely looking into running a hardened kernel now... especially after
> all this crap. Only thing that's been holding me back is the amount of
> work it would entail.....

It's not that difficult. The SE Linux sourceforge project has some docs on installing it. For Debian it's reasonably easy, the only difficult parts are compiling a new kernel with support, and writing any necessary policy. The #selinux IRC channel on irc.debian.org can be used for advice.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page