Hi!

On Tue, Nov 25, 2008 at 09:02:58PM -0500, 7v5w7go9ub0o wrote:
> I run the "old" hardened toolchain, grsecurity-enhanced hardened kernel,
> rbac control, and jails for anything that accesses the LAN/WAN. (heh... I
> even chroot and kill dhcpcd after 5 seconds). Avira has hundreds of Linux
> rootkit signatures in its database, so I run Avira and Dazuko
> realtime/on-access scanning on my /home directory, the chroot jails, and on
> the portage workspace used during download and compilation.

Wow. While I'm a paranoiac in this sense too, I'm too lazy to do most of
these things. It's good to know there is potential for me to advance in
this way! ;-)

BTW, was your workstation really under attack (not counting ssh worms
and similar script kiddie games)? Were there attacks which were able to
break the first circle of protection (GrSec+PaX+toolchain)?

As for me, I decided not to worry about these things (browser chroot, etc.)
for now because on a workstation the most important information is the files
in my home directory... and the applications I use (like browser, mail
client, etc.) MUST have access to these files or these applications become
nearly unusable for me. So, even with RSBAC, if my mutt is owned by some
malicious email, and it deletes/damages files it usually has access to
(like my mailbox :)), that will be _enough_ and do much more damage to
me than installing a rootkit. So, I choose to do regular automated backups
and run chkrootkit/rkhunter from cron just in case they detect
something interesting to play with. :)

--
WBR, Alex.