VanLUG Email Archive

Re: Why Do Hackers Do This?

Curt Sampson
Thu, 1 Oct 1998 14:59:46 -0700 (PDT)

On Thu, 1 Oct 1998, Raymond D. Mereniuk wrote:

> Would it
> do any good to redirect a copy of all input of lets say the secure file
> to a printer? Even if they erased/edited the file you would still have
> a record. How would you do this?

Here's what NetBSD does to let you secure this sort of stuff.

The system has the concept of securelevels, which any superuser
process can raise, but only init can lower. These have the following
functions:

-1 Permanently insecure mode - always run system in level 0 mode.

0 Insecure mode - immutable and append-only flags may be changed. All
devices may be read or written subject to their permissions.

1 Secure mode - system immutable and system append-only flags may not
be turned off; disks for mounted filesystems, /dev/mem, and
/dev/kmem are read-only.

2 Highly secure mode - same as secure mode, plus disks are always
read-only whether mounted or not. This level precludes tampering
with filesystems by unmounting them, but also inhibits running
newfs(8) while the system is multi-user. The settimeofday(2)
system call can only advance the time.

There are also some flags beyond the standard permissions that may
be set on files; the two of interest here are the append-only flag,
which allows only appending to a file, nothing else, and the
immutable flag, which does not allow changes to a file.

To secure your system, you'd need to set the append-only flag
on your logfiles and the immutable flag on your critical configuration
files. Then you have the system come up to securelevel 2 when it
goes multi-user. Now the cracker can't change your config files
and can't erase anything that gets logged to show what he's done.
He can't turn off these flags, not even by writing directly to the
memory or the raw disk devices. The only way to change config files
or erase the evidence is to shut down the system to single user
mode, which will then cut off all network communication: only
someone with access to the console can do anything with the machine
at that point.

cjs

--
Curt Sampson  <  >  604-257-9400  De gustibus, aut bene aut nihil.
Any opinions expressed are mine and mine alone.
The most widely ported operating system in the world: http://www.netbsd.org
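An added example, not from Curt's post: a NetBSD sh script that applies the two flags and the securelevel he describes, and audits the result by reading `ls -lo` output. The file lists and the sample listing are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: apply and audit the hardening
# Curt describes on a NetBSD host. The file lists are assumptions.
# chflags(1) names: sappnd = system append-only, schg = system immutable.
# Once kern.securelevel is 1 or higher, even root cannot clear them.
LOGFILES="/var/log/authlog /var/log/messages"
CONFFILES="/etc/master.passwd /etc/rc.conf /etc/inetd.conf"

# Run as root on the NetBSD box (not invoked here so the audit runs anywhere).
harden() {
    for f in $LOGFILES; do chflags sappnd "$f" || return 1; done
    for f in $CONFFILES; do chflags schg "$f" || return 1; done
    # Raise the level now; set securelevel=2 in /etc/rc.conf to do it at boot.
    sysctl -w kern.securelevel=2
}

# Audit: "ls -lo" on NetBSD prints the flags column (comma separated, "-"
# when none) between group and size. Reads that listing on stdin and checks
# that every named file carries the expected flag.
#   audit_flags FLAG FILE...   -> 0 if all carry FLAG, 1 and a report if not
audit_flags() {
    want=$1; shift
    listing=$(cat)
    rc=0
    for f in "$@"; do
        flags=$(printf '%s\n' "$listing" | awk -v p="$f" '$NF == p { print $5 }')
        case ",$flags," in
            *",$want,"*) ;;                          # flag present
            *) echo "MISSING $want: $f (flags: ${flags:-none})"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample listing from a half-hardened host: /var/log/messages
# never got its append-only flag.
SAMPLE='-rw-r--r--  1 root  wheel  sappnd     4096 Oct  1 14:59 /var/log/authlog
-rw-r--r--  1 root  wheel  -          2048 Oct  1 14:59 /var/log/messages
-rw-------  1 root  wheel  schg,uchg   512 Oct  1 14:59 /etc/master.passwd
-rw-r--r--  1 root  wheel  schg       1024 Oct  1 14:59 /etc/rc.conf
-rw-r--r--  1 root  wheel  schg       1536 Oct  1 14:59 /etc/inetd.conf'

# On the real host: ls -lo $LOGFILES $CONFFILES | audit_flags sappnd $LOGFILES
printf '%s\n' "$SAMPLE" | audit_flags sappnd $LOGFILES || echo "log files: hardening incomplete"
printf '%s\n' "$SAMPLE" | audit_flags schg $CONFFILES && echo "config files: OK"
```

Running the audit from cron gives a record that the flags are still in place, which at securelevel 2 is the only way they can be: clearing them takes a trip to single-user mode at the console.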