Page last updated:
2008 Aug 21 19:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Linux file/module security proposal.

jim wrote:
>    i'm considering rebuilding my machines on a 
> regular basis. in the case of a vital service, 
> it seems a clustered set of servers would permit 
> taking one out and rebuilding it then putting it 
> back in and taking out another, rebuilding, and 
> so on. 
>    rebuilding would be a matter of copying over 
> all executables, probably using the  dd  command. 
>    it would be important to partition the hard 
> drive and load only the kernel, libraries, 
> executables, and config files that were necessary 
> to support the service. 
>    i'd consider removing or renaming or 
> recompiling essential utilities such as ls and 
> grep and ps and vi and so on. 
>    tho'ts? 

What is the advantage?  Seems like a fair bit of work, constantly migrating 
the files you keep vs the ones you replace.  It doesn't really add any security; 
if you had a vulnerability before the image you will have one after.  Sure, 
backdoor installation would have to happen again.  But you'd have to be very 
careful auditing any files you take from the old version of the system.  I'd 
invest the admin time for the reimaging and setting up the infrastructure to 
hardening, backups, or documentation so that if you do get exploited.  It also 
could make patching more complicated.

So I don't see what dd gets you, or did you mean from a partition that's never 
exposed to the internet?  What does the recompiling do for ya?  I guess with a
more detailed explanation I could provide more detailed feedback.