[Thewall-general] [thewall - Open Discussion] File-permissions / Hardening

[<no...@so...>]

Read and respond to this message at: 
http://sourceforge.net/forum/message.php?msg_id=1577716
By: rainer_germany

Hello again,  ;-)

today i started to configure out the minimal file permissions needed for theWall
to
run...

But there is something very curious: 
Even if i change file-permissions of a file to 000, so that nobody should be
able to access the file, root is able to read, write and execute it.

Is the rights management not fully implemented or is this a general fault on
FreeBSD systems?  Sure root is the superuser, but as long as he is able to run
chmod, he could gain his rights back.

I have worked a few years as security administrator on mainframe systems (IBM
OS 390/MVS)
and there it was usual to crumble down the rights to everything you don't need
access to. That is to prevent accidently change or loss of any data.

A few weeks ago, i have read a few articles about hardening, especially for
OpenBSD Systems at: geodsoft.com\howto\harden

There are some realy good idears, here are only a few:
It would be nice to add a little note in the documentation to enable the write
protection
of the floppy disk when the firewall ist still running and nobody is actual
working on it.
By doing so, a hacker isn't able to make persistant changes to the system -
after a reboot we have always a clear system.

Another suggestion is to remove the Logon Banners on the console and telnet.

Is it possible to implement cron and automate a Nightly Security Audit to detect
filechanges and to create a changelog?

An IDS-system (snort?) and a sniffer would also be nice to detect and analyse
attacks.. ;-)


greetings
Rainer

______________________________________________________________________
You are receiving this email because you elected to monitor this forum.
To stop monitoring this forum, login to SourceForge and visit: 
http://sourceforge.net/forum/monitor.php?forum_id=101881