brute force ssh attack
Guy Fraser
guy at incentre.net
Thu Apr 28 18:21:46 UTC 2005
On Thu, 2005-28-04 at 10:38 -0700, John Wendel wrote:
> William Hooper wrote:
> >
> > Well, the question asked would be nice:
> > "Thus it has some method of getting root privileges."
> >
> > The response:
> > "Inexperienced sysadmins."
> >
> > The quote showing that was the case:
> > "Daniel Kirsten wrote:
> > 'Yesterday, I examined the directory ~daikanyama/.undernet and probably I
> > executed mech as root. The file mech is indeed infected by Linux/Rst-B.
> > This explains everything.......'
> >
> > So the "method of getting root privileges" is "regular users of their own
> > machines" running random executables (like the ones downloaded by a script
> > kiddie) as root.
> >
> > I'm interested in hearing how you would like to close this vulnerability.
> >
> > --
> > William Hooper
> >
>
> I should probably keep quiet, but I don't really mind looking like a fool.
>
> I'm an "inexperienced sysadmin" for my Linux boxes, and I have
> destroyed a few by doing stupid things, like running an untested
> script (that I wrote) as root that deleted all the files in /etc.
>
> What I'd really like is for system files to be mounted read only.
> Maybe by having a hardware switch that makes the system disk read
> only. Booting from a DVD that contained everything except /var, /tmp,
> and /home would be another alternative. This of course requires that
> everyone cleans up their code to only update files in /var, instead of
> writing in /etc.

There are a number of things an experienced administrator can do
to alleviate these problems. Unfortunately many of the people
who are using or want to use Linux are not experienced
administrators. There are a number of options that can be
used to mount partitions with more strict permissions, but in
order for that to work, more directories need to be mounted in
separate partitions. There is not a lot of consensus on how to
define what partitions should be created or how big they need
to be or what permissions they should have, so administrators
tend to customize each machine for the situation in which it will
be used.

A long, long time ago Redhat decided how it was going to arrange
the locations of system files and add on packages. I seem to
recall questioning some of the file locations back around 3 or 4
but decided to just live with Redhat's file locations. Unfortunately
I am not alone in questioning some of the file locations. If files
were placed in locations more consistent with the old school hierarchical
system used by most BSD systems and a few Linux distributions, it
would be easier to protect the base system binaries and configuration
files.

SELinux has a lot of promise in alleviating the file location
issues. SELinux is supposed to be able to properly secure a system
without having to create a bunch of partitions with different
mounting options. It should allow a more general file system
structure that is not dependent on the situation in which the
machine will be used, as is created by the current default
install.

>
> I'm sure some smart people have already worked out the details for a
> system like this. Anyone aware of this kind of work? I'd be interested
> in seeing it.
>
> Thanks,
>
> John Wendel
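
Added example, not part of the original message: a Python check for the approach discussed above (separate partitions mounted with stricter options), comparing fstab entries against a per-mount-point policy. The policy, the sample fstab and its device names are assumptions constructed for illustration; as the message notes, there is no consensus on the right layout.

```python
# Added example: audit fstab text against a per-mount-point option policy.
# POLICY is an assumption for illustration, not a layout taken from the thread.
POLICY = {
    "/usr":  {"ro", "nodev"},
    "/tmp":  {"nodev", "nosuid", "noexec"},
    "/var":  {"nodev", "nosuid"},
    "/home": {"nodev", "nosuid"},
}

# Constructed sample input; device names are placeholders.
SAMPLE_FSTAB = """\
# <device>  <mount>  <type>  <options>        <dump> <pass>
/dev/sda1   /        ext3    defaults         1 1
/dev/sda2   /usr     ext3    ro,nodev         1 2
/dev/sda3   /tmp     ext3    defaults,nosuid  1 2
/dev/sda5   /home    ext3    rw,nodev,nosuid  1 2
"""


def parse_fstab(text):
    """Return {mount_point: set(options)}, skipping comments and blank lines."""
    mounts = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        if len(fields) < 4:
            continue  # malformed entry: no options column
        mounts[fields[1]] = set(fields[3].split(","))
    return mounts


def audit(text, policy=POLICY):
    """Return {mount_point: finding} for every policy entry that is not met."""
    mounts = parse_fstab(text)
    findings = {}
    for mount_point, required in sorted(policy.items()):
        if mount_point not in mounts:
            # Without its own partition, the directory inherits the options of /.
            findings[mount_point] = "not a separate partition"
            continue
        missing = required - mounts[mount_point]
        if missing:
            findings[mount_point] = "missing " + ",".join(sorted(missing))
    return findings


if __name__ == "__main__":
    for mount_point, finding in audit(SAMPLE_FSTAB).items():
        print(f"{mount_point}: {finding}")
```

To check a real machine, pass the contents of /etc/fstab to audit() with a policy suited to that machine's role.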