[mod-security-users] slightly off-topic
From: Daniel G. <inf...@sp...> - 2004-10-28 08:42:20
Hey list, this is slightly off topic but I thought you might be a great crowd to ask this. I'm participating in a CTF war game pretty soon and I'm trying to come up with strategies to make sure that once I own a box, no one else can break back in and remove my "flag" from the root home folder. Every team is given a file that they have to place in the /root folder and keep there to score points.

So far I'm thinking that once I own the box I do this: immediately delete all the user accounts except root, rename the adduser binary to something legit-looking yet entirely different and do the same for all the shells (bash, csh, etc.) installed on the system. Then, load up a kernel module or some other reference-monitor-type app that watches our 'flag' for modifications and restores it if it's modified. Then of course, immediately install some auto-update program (yum, apt-get, portage, etc.) and update all the services running and change their configurations slightly to make them more secure (can't turn off services). Last, install ettercap on the owned box to capture and report curious traffic going to and from the other servers in play to catch our opponents.

If anyone knows some program that watches files like I described please let me know; I'd rather not have to code that from scratch. Can you think of a better strategy once we own a box? Has anyone participated in a CTF game before? Any other tips?

Thanks for providing so much good help with mod_security. I've been using it for about 9 months now on both my Windows and Linux servers and it works great.

Dan
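The "something that watches our flag and restores it" part of the post is plain file-integrity monitoring. Below is an added example written for this archive page, not code from the poster or from the mod_security project. It keeps a known-good copy of the file, polls it, and restores it when the content changes, when it disappears, or when something else (a symlink or a directory) has been planted at its path. The flag path, the backup path and the polling interval are placeholders chosen for the example; the sample flag contents are constructed.

```python
"""Polling flag-file guard: detect tampering with a file and restore it.

Added example (not from the mailing-list post). The flag path, backup path
and polling interval are placeholders; the flag contents are constructed.
"""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path):
    """Hash the file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class FlagGuard:
    """Watches one file and restores it from a known-good copy on any change."""

    def __init__(self, watched, backup):
        self.watched = Path(watched)
        # Assumption: the caller places the backup somewhere under its own
        # control, so the watched path cannot be redirected onto it.
        self.backup = Path(backup)
        self.baseline = sha256_of(self.watched)
        shutil.copy2(self.watched, self.backup)
        self.events = []  # audit trail of what was detected and restored

    def check_once(self):
        """Return "ok" if the file is unchanged, else the reason it was restored."""
        p = self.watched
        if p.is_symlink() or (p.exists() and not p.is_file()):
            reason = "replaced"  # symlink or directory planted at the flag path
        elif not p.exists():
            reason = "missing"
        elif sha256_of(p) != self.baseline:
            reason = "modified"
        else:
            return "ok"
        self._restore()
        self.events.append(reason)
        return reason

    def _restore(self):
        p = self.watched
        if p.is_dir() and not p.is_symlink():
            shutil.rmtree(p)  # a real directory cannot be renamed over
        tmp = p.parent / (p.name + ".restore-tmp")
        shutil.copy2(self.backup, tmp)
        # rename(2) is atomic and replaces a symlink at the path rather than following it
        os.replace(tmp, p)

    def run(self, interval=1.0, max_checks=None):
        """Poll forever (or max_checks times); returns the number of restores made."""
        restores = 0
        checks = 0
        while max_checks is None or checks < max_checks:
            if self.check_once() != "ok":
                restores += 1
            checks += 1
            time.sleep(interval)
        return restores


def simulate_tampering():
    """Exercise the guard against constructed tampering in a scratch directory."""
    work = Path(tempfile.mkdtemp(prefix="flagguard-"))
    flag = work / "flag"
    flag.write_text("TEAM-FLAG-constructed-value\n")  # constructed sample flag
    guard = FlagGuard(flag, work / ".flag.bak")
    outcomes = [guard.check_once()]                  # untouched -> "ok"

    flag.write_text("someone else was here\n")       # content changed
    outcomes.append(guard.check_once())              # -> "modified"

    flag.unlink()                                    # file removed
    outcomes.append(guard.check_once())              # -> "missing"

    flag.unlink()
    os.symlink(work / "elsewhere", flag)             # dangling symlink planted at the path
    outcomes.append(guard.check_once())              # -> "replaced"

    outcomes.append(guard.check_once())              # restored file matches baseline -> "ok"
    restored_ok = sha256_of(flag) == guard.baseline
    shutil.rmtree(work)
    return outcomes, restored_ok


if __name__ == "__main__":
    print(simulate_tampering())
```

Polling with the standard library was chosen so the example runs anywhere; on Linux an inotify-based watcher reacts faster and without the busy loop. Comparing a hash rather than the mtime is deliberate, since a timestamp is trivial to set back, while the atomic `os.replace` avoids a window in which the flag is half-written. The guard runs at the same privilege level as whoever is tampering, so on its own it is a detection-and-repair aid, not a guarantee; the `events` list is what you would ship to a log to see how often restores were needed.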