> making the disks readonly is not trivial ...
> lots of work to make it readonly.. a fun project ...

Not really. Nothing should write anywhere except /var and /tmp (did I miss any?). Also, if you have users, then /home. In particular, if it is in $PATH, make it read-only. Many root kits trojan system binaries, and will fail on read-only media. By using ramdisks, you can easily make the entire file-system read-only; you need only hit reset to restore.

>
>> o apt-get remove gcc
>
> i'd remove make, tar and perl

Won't removing tar break dpkg? And many other things? Same with perl? And without tar, how to do backups...

>
> it's fun to see installed new root kits that couldn't finish its
> tasks cause gcc and tar etc is missing...
> - never did understand why the rootkit didn't come with
> its own pre-compiled binaries ...
>

They would have to be statically linked to have a chance of working, and then the root kit would be several megs per executable larger.

>> and, most important:
>> o apt-get update && apt-get upgrade
>
> that assumes that security.debian.org is listed in sources.list
> ( *sorry* just had to add the comment.. :-)

I've never understood why it isn't always by default.

>
> for simplicity... one can start here
> http://www.debian.org/doc/manuals/securing-debian-howto/

Yep.
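
The following is an added example, not part of the original message: a small audit for the "if it is in $PATH, make it read-only" rule, which reports every absolute $PATH directory whose covering mount is read-write. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report $PATH directories that sit on a read-write mount.

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /usr ext4 ro,nodev 0 0
/dev/sda3 /usr/local ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda5 /var ext4 rw,relatime 0 0
EOF
}

# writable_path_dirs MOUNTS_FILE PATH_STRING
# Prints "DIR MOUNTPOINT" for each absolute PATH entry whose covering
# mount (longest matching mount point) has the rw option.
# Limitation: mount points containing spaces (\040 escapes) are not decoded.
writable_path_dirs() {
    printf '%s\n' "$2" | tr ':' '\n' | awk -v mf="$1" '
        BEGIN {
            # Load mount point -> options; a later line for the same
            # mount point wins, as with stacked mounts.
            while ((getline line < mf) > 0) {
                split(line, f, " ")
                opts[f[2]] = f[4]
            }
        }
        /^\// {
            dir = $0; best = ""
            for (mp in opts) {
                # mp covers dir if equal or a prefix ending at a "/" boundary
                covers = (mp == "/" || dir == mp || index(dir, mp "/") == 1)
                if (covers && length(mp) > length(best)) best = mp
            }
            if (best != "" && ("," opts[best] ",") ~ /,rw,/)
                print dir, best
        }'
}

demo() {
    tmp=$(mktemp) || return 1
    sample_mounts > "$tmp"
    writable_path_dirs "$tmp" "/usr/local/bin:/usr/bin:/bin:/usr/localx/bin"
    rm -f "$tmp"
}
demo
```

On a live system the same check is `writable_path_dirs /proc/mounts "$PATH"`; an empty result means no absolute $PATH directory is on a writable mount.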