Hi Peter,
From: Peter Evans [mailto:peter@despammed.com] [Look, I'm a newbie, OK?]
It's OK :-) [snip]
but I find something aesthetically (?) displeasing about "executable" text files.
Me too.
Well, I've started by going to /home and, since I'm "peter", typing
chmod 700 peter
Well, if you don't have any executeables in your $HOME then you can type find $HOME -type d -exec chmod 0700 {} \; find $HOME -type f -exec chmod 0600 {} \; The first command sets all directories (type d) to 0700, the second one sets all files (type f) to 0600. Keep in mind that executeables in your $HOME won't be executeable any more!
Is that enough? (I doubt it.) If not, what's the recommended procedure?
(I do realize that there are many other major security considerations as well, but I'm not asking for a potted guide to Linux security. For now, just permissions.)
I recommend you'll read http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/ - it is a good introduction on general linux security. cheers, Stefan
On Tuesday 15 July 2003 11.35, Peer Stefan wrote:
Hi Peter,
From: Peter Evans [mailto:peter@despammed.com] [Look, I'm a newbie, OK?]
It's OK :-)
We all are in the begining... [extensive use of scissors] If you are proficient in PERL or bash programming (which i aint) you ought to be able to write a small script that checks the 'file' status on each file and acts correspondingly to each and every type. Just 'file <filename>' and you'll get the type of file it is. (ie. ~/> file /usr/bin/mpg123 /usr/bin/mpg123: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), stripped ~/> file foo.png foo.png: PNG image data, 2560 x 1024, 16-bit/color RGB, non-interlaced ) I think you understand the thing i am trying to explain :) This way you can do all sorts of interesting things. Liek "striping" the binaries if they arent, Check for sticky bits etc etc... Good luck! -- /Rikard ------------------------------------------------------------------------------------ Rikard Johnels email : rikjoh@norweb.se Web : http://www.rikjoh.com Mob : +46 70 464 99 39 ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
participants (2)
-
Peer Stefan
-
Rikard Johnels