From: "Arturo 'Buanzo' Busleiman" <buanzo@buanzo.com.ar>
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Best practices in managing large server groups
Date: Mon, 21 May 2007 11:36:40 -0300
Message-ID: <4651AE78.3060705@buanzo.com.ar>
In-Reply-To: <Pine.LNX.4.64.0705211525330.9909@office.4L>
Ronan Mullally wrote:
> As do many rootkits. If somebody gets local access to a server with a
> suite of development tools they're well on their way to rooting the box.
> Removing these tools is simply a good example of security in depth.

You just slow the attack a little bit by removing the compiler. The attacker will probably use
statically linked binaries, or compile somewhere else. Most rootkits do not depend on external
libraries either, except for kernel modules, of course, which depend on the kernel's source.

But, of course, if they got access to the box, then the compiler is the least of your problems at
that time, but I have to admit that the "slowing the attacker down" is an extra layer of protection.
It provides the sysadmins/users/monitoring software more time to detect the breach.

--
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
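
The message above notes that an intruder can bring statically linked binaries, with kernel modules as the exception. As an added example (not part of the original message or of any Gentoo tooling), this sketch classifies ELF files by linkage and lists loader-independent ones in writable directories; the function names and the default paths /tmp, /var/tmp and /dev/shm are assumptions.

```python
import os, struct, sys

ET_REL, ET_EXEC, ET_DYN, PT_INTERP = 1, 2, 3, 3

def elf_kind(data: bytes) -> str:
    """Classify an ELF image from its header and program header table."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return "not-elf"
    is64 = data[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    e_type, = struct.unpack_from(e + "H", data, 16)
    phoff, = struct.unpack_from(e + ("Q" if is64 else "I"), data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(e + "HH", data, 54 if is64 else 42)
    if e_type == ET_REL:                      # .o files and kernel modules (.ko)
        return "relocatable"
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                             # header table runs past what we read
        if struct.unpack_from(e + "I", data, off)[0] == PT_INTERP:
            return "dynamic"                  # requests a runtime loader
    # ET_DYN without PT_INTERP is a static-PIE program or a shared library.
    return {ET_EXEC: "static", ET_DYN: "static-pie-or-lib"}.get(e_type, "other")

def scan(dirs, head=4096):
    """Return sorted (path, kind) for ELF files under dirs that need no loader."""
    hits = []
    for d in dirs:
        for root, _, names in os.walk(d):
            for n in names:
                p = os.path.join(root, n)
                try:
                    if os.path.islink(p) or not os.path.isfile(p): continue
                    with open(p, "rb") as f:
                        kind = elf_kind(f.read(head))
                except OSError:
                    continue                  # unreadable file; skip it
                if kind in ("static", "static-pie-or-lib", "relocatable"):
                    hits.append((p, kind))
    return sorted(hits)

def sample_elf64(e_type, p_types):
    """Constructed sample: minimal little-endian ELF64 header plus program headers."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for path, kind in scan(sys.argv[1:] or ["/tmp", "/var/tmp", "/dev/shm"]):
        print(f"{kind}\t{path}")
```

A hit is a lead for review, not proof of compromise: Go programs and busybox-style tools are commonly statically linked too.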