Quick Linux Partitioning Tip

By Ian Scott

One way that black hat hackers can get access to your server is by locating a vulnerable application or script that allows them to upload files to the server.  The /tmp directory is one place where such files might get uploaded.

This quick tip won’t guarantee that your Linux box will never be hacked or cracked or intruded upon, but it can minimize the ability of a cracker to get access and then run executables that have been uploaded to the /tmp directory.

Here’s what you do:

First, you create the /tmp directory on its own partition.  This is easiest of course when you are first installing Linux on your computer and are asked if you want to manually partition the hard drives.  If you didn’t manually partition the drives and place /tmp on its own partition, it can still be done – but I’ll leave that for another post.

Once the /tmp directory has its own partition and you’ve installed the operating system, you then open up the /etc/fstab file using your favorite editor such as Vi or Emacs.

On the line for /tmp, remove the word defaults and replace it with rw,nosuid,noexec, then save the file.

You’ll then need to remount the /tmp partition with the following command:

mount -o remount,rw,nosuid,noexec /tmp

Of course, you will need to be root to do the above.

This won’t stop nasty people from uploading files to your /tmp directory, but it will prevent them from directly running executable programs stored there.
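A check for the fstab change described above, as an added example that is not part of the original post. The function name missing_opts and the device names in the sample are assumptions made for illustration; the sample fstab is constructed.

```shell
#!/bin/sh
# Added example: report which hardening options a mount point is missing.
# Reads any fstab-format file (/etc/fstab or /proc/mounts): field 2 is the
# mount point, field 4 is the comma-separated option list.
missing_opts() {
    # $1 = file to read, $2 = mount point, remaining args = required options
    file=$1; mnt=$2; shift 2
    awk -v mnt="$mnt" -v want="$*" '
        $1 ~ /^#/ { next }                   # skip fstab comment lines
        $2 == mnt { found = 1; opts = $4 }   # last matching entry wins
        END {
            # No entry means the directory is not on its own partition.
            if (!found) { print "not-a-separate-mount"; exit }
            n = split(want, w, " ")
            split(opts, have, ",")
            for (i in have) has[have[i]] = 1
            for (i = 1; i <= n; i++)
                if (!(w[i] in has)) out = out (out ? "," : "") w[i]
            print out                        # empty line: nothing missing
        }' "$file"
}

# Constructed sample fstab; /dev/sda1 and /dev/sda3 are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <device>  <mount>  <type>  <options>  <dump> <pass>
/dev/sda1   /        ext3    defaults   1 1
/dev/sda3   /tmp     ext3    defaults   1 2
EOF
echo "before edit, missing: $(missing_opts "$sample" /tmp nosuid noexec)"

# The same file after the edit described in the post.
cat > "$sample" <<'EOF'
/dev/sda1   /        ext3    defaults           1 1
/dev/sda3   /tmp     ext3    rw,nosuid,noexec   1 2
EOF
echo "after edit, missing: $(missing_opts "$sample" /tmp nosuid noexec)"
rm -f "$sample"
```

Pointing the function at /proc/mounts instead of /etc/fstab shows what the running kernel actually enforces, which confirms that the remount took effect.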

Topics: Computer Security |


A Week Of Major Vulnerabilities Discovered

By Ian Scott

This past week (I’m writing this on May 21st, 2008) has seen some major security vulnerabilities discovered.

The major vulnerabilities include one in a Microsoft product and an issue with SSL certs on a Linux distribution (Debian).

First with Microsoft: MS Word has a critical vulnerability “that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Ugh.

If you use MS Word, get the update now. Yesterday might be too late.

Linux servers running Debian or Ubuntu that make use of SSL or SSH keys have some major problems too. In a nutshell, the key generating system is flawed, and right now it takes about three hours to exploit so-called secure keys on Debian systems unless you’ve installed the fix.

This is a very serious problem and more information is available here.

Topics: Computer Security |


Reiser File System Future

By Ian Scott

The recent conviction of Hans Reiser for murder in California may be of concern to some who have implemented the Reiser file system (ReiserFS) on their Linux machines.

Reiser, who apparently continues to maintain his innocence, was convicted in a California court on April 28, 2008 of killing his wife. It’s been an interesting case for those following it as the body of Nina Reiser has never been found.

Hans Reiser was the principal creator of the Reiser file system, the first journaled file system to be included in the Linux kernel. The benefit of using ReiserFS over other file systems is greater speed.

However, there are also some criticisms of the Reiser file system, and many administrators prefer the ext3 system on mission-critical servers.

At the time of this writing, the company that continues to develop ReiserFS, Namesys, was having connectivity issues with its website, but reports say that Namesys management has advised that development, support and improvements to ReiserFS will continue despite the conviction of Hans Reiser.

Reiser is facing 25 years in jail.

Topics: Uncategorized |


Perfecting Your Password Policy

By Ian Scott

“I need to remember my password, so I keep it simple and easy,” I’ve heard many folk say. “I’ve been told to never write it down, so it has to be memorable.”

Just about anyone who uses a computer these days has had to create a password for something at some point. Whether it’s a password for their user account on their PC or a password for a website bulletin board, password requirements are ubiquitous.

How should one select a password? How secure is “secure?” And is it true you should never write your password(s) down?


Topics: Computer Security, Encryption, Personal Security |


Slip, Slipping Away

By Ian Scott

“The true criminals will go and use random Wi-Fi nodes where you can get anonymous access,” he said. “You haven’t done anything but increase surveillance of law-abiding citizens.”
~ Jim Harper, Cato Institute, as reported by CNET

What price for loss of freedom and expectation of privacy are you willing to pay? While some suggest that if you’re a law abiding person, you have nothing to fear, others say that is not the point. Do you really want to have records of on-line chats, emails you’ve sent or received, and websites you’ve browsed, available for up to two years and available at the whim of law enforcement officers who claim to require access to such data?

Topics: Personal Security, Privacy |


Iptables And Remote Port 25 Blocking

By Ian Scott

With many ISPs today blocking remote port 25 connections for what they think is spam prevention, many users are complaining that they are unable to send through the email server they wish to send through.

If this is something that has happened to you, here’s something you might want to refer your ISP to, or if it is your own mail server, a quick trick to allow yourself to connect to a remote SMTP server without opening up new ports on the SMTP server.

Topics: Firewalls |


