[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] eggdrop and monitoring

Subject: Re: [cobalt-security] eggdrop and monitoring
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: 17 Apr 2003 09:09:56 +0400
Organization:
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thu, 2003-04-17 at 06:00, E.B. Dreger wrote:

> MS> e) Search in the /home/sites directory and user directories
> MS> for executable files, examine 'em and if it looks fishy then
> MS> you might want to chown the file to be owned by root and put
> MS> a chmod 600 on it so that nobody can execute 'em anymore. If
> MS> it was important to the customer, then they'll sure give you
> MS> a call and you can then take it from there.
> 
> Better yet, look into mounting /home with the "noexec" option.

That will break all CGI scripts, I think.  Oterhwise, a generally good
idea.  More exactly, all filesystems that have directories writable to
users (such as /tmp, /var/tmp, /var/spool/...) should be mounted with
noexec.  You probably cannot do it it on a RaQ but on a custom hosting
server you could.

Eugene

References:
- Re: [cobalt-security] eggdrop and monitoring
  - From: E.B. Dreger

Prev by Date: Re: [cobalt-security] eggdrop and monitoring
Next by Date: Re: [cobalt-security] Ipchains and dns
Previous by thread: Re: [cobalt-security] eggdrop and monitoring
Next by thread: Re: [cobalt-security] Ipchains and dns

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index