making the disks read-only is not trivial ...
lots of work to make it read-only.. a fun project ...
Not really. Nothing should write anywhere except /var and /tmp
(did I miss any?). Also, if you have users, then /home.
In particular, if it is in $PATH, make it read-only. Many
rootkits trojan system binaries, and will fail on read-only media.
By using ramdisks, you can easily make the entire file-system
read-only; you need only hit reset to restore.
o apt-get remove gcc
I'd remove make, tar and perl.
Won't removing tar break dpkg? And many other things? Same with perl?
And without tar, how to do backups...
It's fun to see newly installed rootkits that couldn't finish their
tasks because gcc, tar etc. are missing...
- never did understand why the rootkit didn't come with
its own pre-compiled binaries ...
They would have to be statically linked to have a chance of
working, and then the rootkit would be several megs per
executable larger.
and, most important:
o apt-get update && apt-get upgrade
that assumes that security.debian.org is listed in sources.list
( *sorry* just had to add the comment.. :-)
I've never understood why it isn't always by default.
for simplicity... one can start here
http://www.debian.org/doc/manuals/securing-debian-howto/
Yep.
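The two checks the thread keeps coming back to (is every $PATH directory on a read-only mount, and is security.debian.org actually an active line in sources.list) can be audited with a small script. This is an added example, not code from the thread; the /proc/mounts and sources.list samples inside it are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added audit helper: report which PATH directories sit on read-only mounts
# (input in /proc/mounts format) and whether sources.list has an active
# security.debian.org line. Sample inputs are constructed, not real hosts.

SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/sda1 / ext2 ro,errors=remount-ro 0 0
/dev/sda2 /var ext2 rw 0 0
tmpfs /tmp tmpfs rw 0 0
/dev/sda3 /usr ext2 ro 0 0
/dev/sda4 /usr/local ext2 rw 0 0'
SAMPLE_SOURCES='deb http://ftp.debian.org/debian stable main
# deb http://security.debian.org/ stable/updates main'

# mount_opts_for DIR MOUNTS: print the mount options of the longest mount
# point that contains DIR (later entries win ties, as with overmounts).
mount_opts_for() {
    printf '%s\n' "$2" | awk -v d="$1" '
        {
            mp = $2
            if (d == mp || mp == "/" || index(d, mp "/") == 1)
                if (length(mp) >= best_len) { best_len = length(mp); best = $4 }
        }
        END { print best }'
}

# count_writable PATHLIST MOUNTS: list each directory as ro/rw on stderr and
# print how many are writable (0 means the whole PATH is on read-only media).
count_writable() {
    n=0; old_ifs=$IFS; IFS=:
    for d in $1; do
        case ",$(mount_opts_for "$d" "$2")," in
            *,ro,*) echo "ro $d" >&2 ;;
            *)      echo "rw $d" >&2; n=$((n + 1)) ;;
        esac
    done
    IFS=$old_ifs; echo "$n"
}

# has_security_source SOURCES: succeed if an active (uncommented) "deb" line
# in sources.list format points at security.debian.org.
has_security_source() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*deb[[:space:]].*security\.debian\.org'
}

echo "writable PATH dirs: $(count_writable /usr/local/bin:/usr/bin:/bin "$SAMPLE_MOUNTS")"
has_security_source "$SAMPLE_SOURCES" || echo "security.debian.org missing from sources.list"
```

On a real Debian box, replace the samples with `"$(cat /proc/mounts)"`, `"$PATH"` and `"$(cat /etc/apt/sources.list)"`.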