Why don't you tell us what you didn't understand so we can explain it
properly to you? You can't assure anything if you don't know what you
need to assure.
You can't implement Mandatory Access Controls such as GRSEC RBAC
without a bit of knowledge. You need to make one policy for your system
and the kernel enforces it.

If you are not a sysadmin, how did you keep servers running? To keep
servers you need to know how they work internally (for example the DNS
RFCs for DNS servers, etc.).

Not getting a MAC system running (such as the RBAC of grsecurity) is as
bad as getting an incorrectly configured one running, for example
granting all capabilities (CAP_SYS_RAWIO...) to the user running
skype. GRSEC has a TPE function of its own; read about it.

Sorry, but you have to read documentation (start, for example, with the
Gentoo Hardened docs).

2008/12/26 Grant <emailgrant@×××××.com>:
>> Without hardened userland only in access controls. You can implement
>> for example one Trusted Path Execution with LIDS, RSBAC, GRSEC or
>> SELinux. They could try to stop crackers that gain unprivileged access
>> to the host (with a remote exploit for example) from executing exploits
>> to escalate privileges. They could give you one least privilege approach
>> (as PaX does) and other useful things, such as isolation of daemons,
>> resource controls. And a lot more. With TPE however, untrusted
>> scripts (exploits) could be launched without execution rights, and
>> even restricting the use of perl and python, you must grant your users
>> the access to bash.
>
> Thank you for taking the time to explain, but I'm afraid I don't
> understand. I'm looking for things I can implement that don't require
> me to understand their inner workings. This is not ideal, but I only
> have so much time to devote to sysadmin duties since I'm not a real
> sysadmin. My server runs a hardened profile because it hasn't caused
> any problems, but running a hardened profile on my desktops has proven
> to be too difficult. All of my systems run a hardened kernel but the
> only hardened feature I've enabled in the kernel is Grsecurity set to
> medium or low depending on the system.
>
> Do the hardened profile and hardened kernels do me any good without
> further configuration?
>
> - Grant
>
>>>> In terms of userland, a non-hardened profile doesn't protect you at all
>>>> against buffer overflows, you are removing one important security
>>>> layer. SSP protects you against buffer overflows in terms that the
>>>> vulnerable application gets killed when the canary is modified before
>>>> the execution of the arbitrary code. PIE protects you against return
>>>> into libc attacks that don't need an executable stack. PaX is not
>>>> perfect and needs them as complementary solutions. For example I think
>>>> that RANDEXEC was removed from PaX some time ago, one buffer overflow
>>>> that uses a return into libc attack could be successful against one
>>>> non-hardened binary. Since skype is a network oriented software...
>>>
>>> In what situations is a hardened kernel useful?
>>>
>>> - Grant
>
>
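
A quick way to see whether a given binary actually carries the PIE and SSP protections discussed in the quoted text, plus a non-executable stack marking, as an added example that is not part of the original thread. It handles 64-bit little-endian ELF only; the function names and the constructed sample images are assumptions for illustration, and all three checks are heuristics.

```python
import struct

ET_DYN, PT_INTERP, PT_GNU_STACK, PF_X = 3, 3, 0x6474E551, 1

def elf_hardening(data: bytes) -> dict:
    """Heuristic PIE / non-executable stack / SSP report for a 64-bit LE ELF image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_interp, stack_flags = False, None
    for i in range(e_phnum):
        # Elf64_Phdr starts with p_type and p_flags, 4 bytes each.
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_STACK:
            stack_flags = p_flags
    return {
        # ET_DYN plus an interpreter: position-independent executable
        # (a static PIE has no PT_INTERP and is reported as non-PIE here).
        "pie": e_type == ET_DYN and has_interp,
        # No PT_GNU_STACK header is treated as an executable stack.
        "nx_stack": stack_flags is not None and not stack_flags & PF_X,
        # SSP-built code references __stack_chk_fail; a raw byte search is a heuristic.
        "ssp": b"__stack_chk_fail" in data,
    }

def make_elf(e_type: int, phdrs: list, extra: bytes = b"") -> bytes:
    """Constructed sample: ELF64 header plus program headers only, not a runnable binary."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs), 64, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return header + table + extra

# Constructed inputs: a hardened-style image and an ET_EXEC image with an executable stack.
HARDENED = make_elf(ET_DYN, [(PT_INTERP, 4), (PT_GNU_STACK, 6)], b"__stack_chk_fail\0")
LEGACY = make_elf(2, [(PT_INTERP, 4), (PT_GNU_STACK, 7)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, elf_hardening(image))
```

To check a real file, pass the bytes read from it in binary mode to `elf_hardening`.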