Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: a secure base system
From: harry <Rik.Bobbaers () cc kuleuven ac be>
Date: Tue, 16 Mar 2004 09:44:12 +0100

harry wrote:
... a lot of crap ;))

it seems that i wasn't exactly clear, when a system has been
compromised, it has to be reinstalled completely. my intention is to set
up a base system (an other system) just to run as a spare server (only
for servers!!!). when a system gets compromised, we have to completely
reinstall another server, which takes a lot of time. we don't want
that... that's why i need a secure start for a new server, a base
install from which we can install all our future servers

the standard we use here is debian, so i guess i'm stuck to debian (or
maybe trusteddebian, which i'm looking into right now) (no bsd :()
RSBAC provides everything SELinux has, and more ==> which is in adamantix

i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much)

remote logging (without a doubt)

noexec, nodev, nosuid, ... on parts that we don't need

lvm, raid1, ...

so i think i know what to do now ( also talked to some peaple over
here...) i'm gonna start installing later today :)

thanks all... you are really the best! (i learn a lot on this list! :))

aka Rik Bobbaers
ps. i'm a satisfied reader :))

K.U.Leuven - LUDIT             -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org

"Work hard and do your best, it'll make it easier for the rest"
-- Garfield

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]