discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Brian Koontz <brian AT opennicproject.org>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Security Management
- Date: Sun, 6 May 2012 21:24:43 -0500
On Mon, May 07, 2012 at 11:14:16AM +1000, Tully Gray wrote:
> I was wondering what types of non-network related security measures
> people are using to secure their servers? For instance I use hardened
> Gentoo which offers some great features like SELinux, RBAC, and the
> GRsecurity and PaX patches for the Linux kernel. These features can
> be considered to be a second line of defense after network security
> features. For instance; if an attacker does manage to hack into a server
> and gain control of a user or service account, SELinux/RBAC rules can
> provide fine-grained access permissions which should stop further
> privilege escalation. The PaX team is responsible for pioneering ASLR
> (Address Space Layout Randomization) and other counter-measures
> which stop most forms of kernel hacking and return-to-libc type attacks.
To be truthful, the first thing I do is disable selinux...because it
seems like a never-ending battle to create the acls necessary that
every application seems to need. I do run *all* my outward-facing
services under chroot.
--Brian
--
OpenNIC (the sequel) co-founder and wikimaster
IRC: Freenode.net channel #opennic
Attachment:
pgpNW0AaqpAEc.pgp
Description: PGP signature
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, (continued)
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Dale, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, webmaster, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Brian Koontz, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/03/2012
- [opennic-discuss] OpenNIC Security Management, josen, 05/05/2012
- Re: [opennic-discuss] Security Management, Falk Husemann, 05/05/2012
- Re: [opennic-discuss] Security Management, Jeff Taylor, 05/05/2012
- Re: [opennic-discuss] Security Management, Tully Gray, 05/06/2012
- Re: [opennic-discuss] Security Management, Brian Koontz, 05/06/2012
- Re: [opennic-discuss] Security Management, Tully Gray, 05/07/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Daniel L, 05/02/2012
- Re: Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, webmaster, 05/02/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex Hanselka, 05/02/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Alex, 05/02/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Brian Koontz, 05/03/2012
- Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia, Falk Husemann, 05/02/2012
- [opennic-discuss] question, Daniel L, 05/02/2012
- Re: [opennic-discuss] question, Alex Hanselka, 05/02/2012
- [opennic-discuss] question, Daniel L, 05/02/2012
Archive powered by MHonArc 2.6.19.