[ale] Help with server setup

Jim Kinney jim.kinney at gmail.com
Tue Sep 15 16:47:20 EDT 2009


There's all kinds of hardening that can be done. Disable root login,
remove mount command, make the entire / directory read only. You have
to balance security locks vs. usability.

On Tue, Sep 15, 2009 at 4:30 PM, Ed Cashin <ecashin at noserose.net> wrote:
> On Tue, Sep 15, 2009 at 4:22 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>> you remove the chattr command from /sbin once you are done marking
>> your system all read-only just before the reboot.
>
> Hmm.  I might be missing the point.  It seems like root could just
> mount a tmpfs and build a new chattr in there---Removing chattr
> seems more like an inconvenience to a would-be attacker than a
> real preventative measure.
>
> --
>  Ed Cashin <ecashin at noserose.net>
>  http://noserose.net/e/
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness



More information about the Ale mailing list