| 1 |
Hi! |
| 2 |
|
| 3 |
On Tue, Nov 25, 2008 at 09:02:58PM -0500, 7v5w7go9ub0o wrote: |
| 4 |
> I run the "old" hardened toolchain, grsecurity-enhanced hardened kernel, |
| 5 |
> rbac control, and jails for anything that accesses the LAN/WAN.(heh... I |
| 6 |
> even chroot and kill dhcpcd after 5 seconds). Avira has hundreds of Linux |
| 7 |
> rootkit signatures in its database, so I run Avira and Dazuko |
| 8 |
> realtime/on-access scanning on my /home directory, the chroot jails, and on |
| 9 |
> the portage workspace used during download and compilation. |
| 10 |
|
| 11 |
Wow. While I'm a paranoiac in this sense too, I'm too lazy to do most of |
| 12 |
these things. It's good to know there are potential for me to advance on |
| 13 |
this way! ;-) |
| 14 |
|
| 15 |
BTW, is your workstation really was under attack (don't counting ssh worms |
| 16 |
and the like script kiddie games)? Is there was attacks which was able to |
| 17 |
break first circle of protection (GrSec+PaX+toolchain)? |
| 18 |
|
| 19 |
As for me, I decide not to worry about these things (browser chroot, etc.) |
| 20 |
for now because on workstation most important information is files in my |
| 21 |
home directory... and applications I use (like browser, mail client, etc.) |
| 22 |
MUST have access to these files or these applications because nearly |
| 23 |
unusable for me. So, even with RSBAC, if my mutt will be owned by some |
| 24 |
malicious email, and it will delete/damage files it usually have access to |
| 25 |
(like my mailbox :)), that will be _enough_ and make much more damage for |
| 26 |
me than installing rootkit. So, I choose to do regular automated backups |
| 27 |
and run chkrootkit/rkhunter from cron just for the case they detect |
| 28 |
something interesting to play with. :) |
| 29 |
|
| 30 |
-- |
| 31 |
WBR, Alex. |
Archives