Firewall Wizards mailing list archives
Re: Securing a Linux Firewall
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 13:48:07 -0700
OK - as someone who seems to represent the "remove the executables" camp, can you explain your reasoning? I've never been able to understand _why_ removing files buys you anything? (See my previous post for my strategy - castrate all priveleged binaries, turn off all services, and turn logging to high)
Naturally there's the theory that 'anything you make available is another potential vulnerability'. I also like to remove unneeded executables (or rather the packages (deb/rpm/etc) themselves in whole) because it makes it more annoying to a cracker to need to upload programs like 'grep' when they're not on the system. Nuke 'ls' and see how many crackers will leave because it's not worth the time. But more importantly, any software that can be a daemon you should remove. Why? Because when you update your software (rpm -F with newest rpms, or apt-get update your debian box) it may turn that program back on by default. So why have it installed at all? -- Brian Hatch "I see you are as Systems and willful as ever." Security Engineer "Far more, I've greatly http://www.ifokr.org/bri/ improved, I've had more experience." Every message PGP signed
Attachment:
_bin
Description:
Current thread:
- Securing a Linux Firewall Marc DVer (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall R. DuFresne (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Mordechai T. Abzug (Jul 23)
- Re: Securing a Linux Firewall Frank Knobbe (Jul 23)
- Re: Securing a Linux Firewall Ng Pheng Siong (Jul 24)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- <Possible follow-ups>
- RE: Securing a Linux Firewall Bruce Platt (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- RE: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall John McDermott (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)