Date:      Tue, 23 Oct 2001 01:35:35 +0200 (SAST)
From:      The Psychotic Viper <psyv@sec-it.net>
To:        CS <spork@fasttrackmonkey.com>
Cc:        Andrew Johns <johnsa@kpi.com.au>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject:   Re: KLD detectors
Message-ID:  <20011023012559.A28285-100000@lucifer.fuzion.ath.cx>
In-Reply-To: <20011022150129.G60205-100000@bigpoop.foo.foo>

Hi again,

On Mon, 22 Oct 2001, CS wrote:

> Hi,
>
> Thanks for the info, I'll test it out on a few I've found (bsd versions of
> adore).
>
> I'm also interested in utilizing securelevels, but I'm still not 100% sure
> that securelevel 1 will actually stop this, as there seem to be a number
> of tools out there to bypass the securelevel restriction.  For example:
>
> http://www.s0ftpj.org/en/tools.html
>
> Scroll down to "securelevel bypass":
> http://www.s0ftpj.org/tools/securelvl.tgz

Yes, remember secure levels aren't going to be the all-in-one solution (not
sure if I mentioned it before), but they help aid security-aware admins and
provide yet another layer of security. Use them in tandem with FreeBSD's
own security scripts and maybe aide or tripwire to increase security, but
any clued-up cracker could know ways around either mechanism, which is why
the more the better (but be careful not to kludge the machine down with
too much, as it can become a nightmare too).

> Also, I'm finding myself upgrading bits and pieces of the system more
> often (telnetd, openssh, etc.) and I'm wavering on what exactly I should
> set the "schg" flags on.  Most of my machines are remote, and I also don't
> want to revert to NT behaviour of "oh you patched, now you must reboot"...

As for that point, maybe one of the other alternatives would serve you
better, as you can do upgrades seamlessly if everything works the way it
should. Kernel secure levels make it slightly more difficult to do regular
work on the system. So look into other ways of securing your internal
machine and monitoring and see which suits you best. The best place to start
looking would be /usr/ports/security and around the internet.

HTH
PsyV

