Re: [cobalt-security] eggdrop and monitoring
- Subject: Re: [cobalt-security] eggdrop and monitoring
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2003 02:47:03 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
MS> Date: Thu, 17 Apr 2003 04:13:57 +0200
MS> From: Michael Stauber
MS> > Better yet, look into mounting /home with the "noexec" option.
MS>
MS> I imagine that this can easily backfire. Webmail and Neomail
MS> are usually installed in /home/ and the same is true for
MS> other popular third party software. Some of us also relocated
MS> files from the [/]-partition to [/home] to free up space.
MS>
MS> But even on a stock RaQ this would cause CGI related problems
MS> as the executable bit on scripts would no longer work. Some
MS> binaries related to Interbase in /home/opt/ would throw a fit
MS> as well.
MS>
MS> Aside from that kind of collateral damage it can be a good
MS> security measure if used with the proper care and caution.

Yep... agreed on all counts... which is why I said "look into"
instead of "here's a miracle cure". :-)

Note also that one could play with FollowSymlinks in Apache to go
to another partition, but that gets ugly in a hurry. Quota
issues and the extra precautions required to deal with symlinks
make this a bad idea.

FWIW, I'm not fond of the default RaQ partitioning scheme. I
usually run a 128 MB root partition, and put /tmp, /var, /home,
and /usr on their own partitions. If there's interest in the
reasoning, I'll fork the thread and go into more detail.

Going a bit OT, I think *ix kernels eventually will have more
"triggers" to check events such as execution. FreeBSD has had
kqueue() for several years now, which is very well suited to
tasks like this.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
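
The "look into" step discussed in this message, as an added example that is not part of the original post: a shell inventory of every file under a directory tree that carries an execute bit, split into ELF binaries and `#!` scripts, so the CGI and binary breakage described above can be sized before `noexec` is set. The function names `classify_exec`, `noexec_audit` and `noexec_summary` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight inventory for a planned "noexec" mount.
# Function names are hypothetical; nothing here changes mount options.

# classify_exec FILE -> prints "elf", "script" or "other"
# Reads the first four bytes: ELF magic is 0x7f 'E' 'L' 'F', scripts start "#!".
classify_exec() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -c | tr -d ' \n')
    case "$magic" in
        177ELF) echo elf ;;      # od -c prints 0x7f as octal 177
        '#!'*)  echo script ;;   # CGI scripts run via their executable bit
        *)      echo other ;;    # exec bit set, but not directly runnable
    esac
}

# noexec_audit DIR -> one "kind<TAB>path" line per file with any execute bit.
# -xdev keeps the walk on the filesystem that would actually be remounted.
# Paths containing newlines are not handled.
noexec_audit() {
    find "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_exec "$f")" "$f"
    done
}

# noexec_summary DIR -> "elf=N script=N other=N"
noexec_summary() {
    noexec_audit "$1" | awk -F'\t' '
        { n[$1]++ }
        END { printf "elf=%d script=%d other=%d\n",
                     n["elf"], n["script"], n["other"] }'
}

# Stand-alone use: sh noexec-audit.sh /home
if [ "$#" -gt 0 ]; then
    noexec_summary "$1"
    noexec_audit "$1"
fi
```

Every path listed as `elf` or `script` is something that is executed directly today and needs to be relocated or retired before the mount option changes.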