[plug] Linux security idea - maybe

Chris Caston caston at arach.net.au
Fri Jun 13 15:49:55 WST 2003


Denis,

Sorry that I am not really answering your question in its purest sense
but I hope this helps:

Probably what you are looking for is a MACL (Mandatory Access Control
Layer) that only gives user accounts certain very limited permissions
but this is much harder to set up and administer than DACL (Discretionary
ACL).

This assumes that if someone breaks into an account running a webserver
they can only do things that the webserver is allowed to do which
can be kept to the absolute minimum.

I think the following *MAY* be a DACL based distro:

EnGarde

http://infocenter.guardiandigital.com/

On Thu, 2003-06-12 at 21:12, Denis Brown wrote:
> Dear PLUG list members,
> 
> It seems to me that the Holy Grail of breaking into a computer system is
> to achieve administrative access.   Windows (NT and above) has the
> Administrator account, Unix / Linux has root.   One of the things we are
> encouraged to do with Windows is to create another administrative account,
> assign the original Administrator account a super-obtuse password and then
> disable it.   The reasoning being (MCSEs correct me here) that even if
> someone actually broke the admin password, they could not do anything with
> the account anyway.
> 
> Well, can we do something like that for Unix / Linux?   Would it be
> equally useful?
> 
> For example create a superuser account with an innocuous name, such as
> pjsmythe.   Buried in amongst all the other user accounts, that name is
> unlikely to stand out - apologies to any P.J. Smythes who may be listening
> :-)   So far so good - superuser account creation is a snap; creating
> bizarre passwords is probably a hobby with most sysadmins anyway.
> 
> Now, can we disable the "root" account?  If we could, a priori there would
> be a need to reassign ownership permissions from root to our indomitable
> pjsmythe so that the root account was left with precious little to do.
> The "root" directory could, I guess, remain.   Hmmm... maybe I have seen a
> problem already.   Doing an ls -al from any breached user account would
> show a lot of ownership by our friend smythe, so that would be a dead
> giveaway as to who was running the ship.
> 
> Even having rained on my own parade, I'll post the message anyway.  It may
> spark some discussion that list members may find of use.   I dare say the
> above is not a unique idea, in fact I may get the prize for its 1000th
> re-invention :-)   What I was hoping to achieve is a situation which puts
> extra difficulties in the way of a remote breaker-in.   Someone with
> physical access to the box only needs Tom's RTBoot disk as has been stated
> several times before, unless the box is wearing an overcoat of concrete.
> 
> Cheers,
> Denis
> 
> 
> 
> 
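
Added example, not part of either post: a small audit of the scheme discussed in this thread, run over constructed passwd and shadow lines in which root's password is locked and a UID-0 account named pjsmythe exists. The function names and all sample data are hypothetical; the point shown is that superuser status follows UID 0 in the world-readable passwd file, whatever the account is called.

```shell
#!/bin/sh
# Constructed sample data; on a real host use /etc/passwd and /etc/shadow.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_PASSWD="$SAMPLE_DIR/passwd"
SAMPLE_SHADOW="$SAMPLE_DIR/shadow"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
pjsmythe:x:0:0:P J Smythe:/home/pjsmythe:/bin/bash
denis:x:1000:1000::/home/denis:/bin/bash
EOF
cat > "$SAMPLE_SHADOW" <<'EOF'
root:!:12216:0:99999:7:::
www-data:*:12216:0:99999:7:::
pjsmythe:$1$constructed$NotARealHashValue:12216:0:99999:7:::
EOF

# Superuser status comes from UID 0 (third field), not from the account name.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# UID-0 accounts other than root: the ones an audit should be able to explain.
extra_superusers() {
    uid0_accounts "$1" | grep -v '^root$' || true
}

# Classify a shadow password field: "locked" (starts with ! or *), "empty",
# "set", or "missing" when the account has no shadow entry. A locked password
# only blocks password logins; it does not remove the account's privileges.
password_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "set"
        }
        END { if (!found) print "missing" }' "$1"
}

echo "UID 0 accounts: $(uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "root password: $(password_state "$SAMPLE_SHADOW" root)"
for u in $(extra_superusers "$SAMPLE_PASSWD"); do
    echo "extra superuser: $u (password $(password_state "$SAMPLE_SHADOW" "$u"))"
done
```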



