[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] eggdrop and monitoring
- Subject: Re: [cobalt-security] eggdrop and monitoring
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 17 Apr 2003 09:09:56 +0400
- Organization:
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 2003-04-17 at 06:00, E.B. Dreger wrote:
> MS> e) Search in the /home/sites directory and user directories
> MS> for executable files, examine 'em and if it looks fishy then
> MS> you might want to chown the file to be owned by root and put
> MS> a chmod 600 on it so that nobody can execute 'em anymore. If
> MS> it was important to the customer, then they'll sure give you
> MS> a call and you can then take it from there.
>
> Better yet, look into mounting /home with the "noexec" option.
That will break all CGI scripts, I think. Oterhwise, a generally good
idea. More exactly, all filesystems that have directories writable to
users (such as /tmp, /var/tmp, /var/spool/...) should be mounted with
noexec. You probably cannot do it it on a RaQ but on a custom hosting
server you could.
Eugene