[opensuse] Re: Interactive Firewall Needed
On Wed, 06 May 2009 21:43:06 +0200, jdd wrote:
Jim Henderson wrote:
needs the original md5sum, never seen that on Windows
What? Pardon me for being brusque, but that's nonsense.
we need the original sum, not the program; a checksum has to be compared to another checksum
No, we need a checksum from a known good copy of the executable. So the first time you run it (when you know it's good), you prompt and say "this program is requesting to connect to..." (for example) "Allow or Deny?". Then give the user the chance to say they allow it or deny it, and the option to save their choice. If the checksum changes, you alert the user that the checksum changed. Or the path to the executable changed. Or whatever changed that was not expected changed. But I fail to see what this has to do with Windows not having an md5sum executable (which isn't included, true, but is certainly available).
Yeah, and which is the more critical part of an OS installation, the actual OS installation, or the data that a user stores under their own username?
Reinstalling the OS takes, what, 45 minutes? Recovering lost data because of a rogue app can take much longer, especially on personal home systems because most users don't do backups of their data on their home machines. Yes, they should, but that's not really the point.
? A rogue app needs an admin to install
Not true. I downloaded wings3d and copied it to my ~/bin directory and can run it. No root privs needed.
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
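The allow/deny prompt with a saved known-good checksum that Jim describes in the message above, sketched as an added example (it is not part of the original thread and not code from any firewall product). It uses SHA-256 where the thread talks about md5sum; the `DecisionStore` class, the JSON rule file and the file names are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of the file's bytes (stands in for the md5sum of the thread)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class DecisionStore:
    """Saved allow/deny choices keyed by executable path, with the checksum seen then."""
    def __init__(self, db_path):
        self.db = Path(db_path)
        self.rules = json.loads(self.db.read_text()) if self.db.exists() else {}

    def check(self, exe):
        """Return (verdict, reason); the verdict 'prompt' means ask the user."""
        exe = str(Path(exe).resolve())
        digest = file_digest(exe)
        rule = self.rules.get(exe)
        if rule is None:
            moved = any(r["sha256"] == digest for r in self.rules.values())
            return "prompt", ("path-changed" if moved else "first-seen")
        if rule["sha256"] != digest:
            return "prompt", "checksum-changed"  # upgrade or tampering: ask again
        return rule["verdict"], "known"

    def remember(self, exe, verdict):
        """Save the user's choice with the checksum of the copy they approved."""
        exe = str(Path(exe).resolve())
        self.rules[exe] = {"sha256": file_digest(exe), "verdict": verdict}
        self.db.write_text(json.dumps(self.rules, indent=2))

def demo():
    """Constructed scenario in a temporary directory; file names are made up."""
    with tempfile.TemporaryDirectory() as d:
        exe, copy = Path(d, "app"), Path(d, "app-copy")
        exe.write_bytes(b"version 1")
        copy.write_bytes(b"version 1")
        store = DecisionStore(Path(d, "rules.json"))
        seen = [store.check(exe)]       # never seen before
        store.remember(exe, "allow")    # user picked Allow and saved it
        seen.append(store.check(exe))   # unchanged: saved choice applies
        seen.append(store.check(copy))  # same bytes under another path
        exe.write_bytes(b"version 2")   # file replaced on disk
        seen.append(store.check(exe))   # checksum no longer matches
        return seen

if __name__ == "__main__":
    print(demo())
```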
Jim Henderson wrote:
If the checksum changes, you alert the user that the checksum changed.
there is a Linux application to do so. I don't remember the name, but I tested it some time ago.
Problem is that it needs to be run each time you change a file on the computer
for example look for "afick" (or look at the "security" packages in YaST)
and if you want you can prevent users from running anything from their home - or see the security parameters on YaST
jdd
--
http://www.dodin.net
http://valerie.dodin.org
http://news.opensuse.org/2009/04/13/people-of-opensuse-jean-daniel-dodin/
On Wed, 06 May 2009 23:41:52 +0200, jdd wrote:
Jim Henderson wrote:
If the checksum changes, you alert the user that the checksum changed.
there is a Linux application to do so. I don't remember the name, but I tested it some time ago.
Thing is, there might be a legitimate reason for it to have changed. Like an upgrade.
Problem is that it needs to be run each time you change a file on the computer
for example look for "afick" (or look at the "security" packages in YaST)
I do recall that it is possible to do this in Linux - I forget what it's called, but now you mention it, I do remember seeing something about this.
and if you want you can prevent users from running anything from their home - or see the security parameters on YaST
I'd do that on my own system why?
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
On Wed, 06 May 2009 22:33:34 +0000, Jim Henderson wrote:
for example look for "afick" (or look at the "security" packages in YaST)
I do recall that it is possible to do this in Linux - I forget what it's called, but now you mention it, I do remember seeing something about this.
For the sake of completeness, what I was thinking of here was inotify:
http://www.ibm.com/developerworks/linux/library/l-inotify.html
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
On Wednesday, 2009-05-06 at 23:41 +0200, jdd wrote:
Jim Henderson wrote:
If the checksum changes, you alert the user that the checksum changed.
there is a Linux application to do so. I don't remember the name, but I tested it some time ago.
tripwire? I don't see it in webpin, though.
and if you want you can prevent users from running anything from their home - or see the security parameters on YaST
How, mounting /home noexec, perhaps?
--
Cheers,
Carlos E. R.
On Thu, 07 May 2009 00:50:20 +0200, Carlos E. R. wrote:
On Wednesday, 2009-05-06 at 23:41 +0200, jdd wrote:
Jim Henderson wrote:
If the checksum changes, you alert the user that the checksum changed.
there is a Linux application to do so. I don't remember the name, but I tested it some time ago.
tripwire? I don't see it in webpin, though.
I'm thinking of a kernel feature to trigger events based on file modification. I don't think it's tripwire, when I'm done working today I'll see if I can find it.
and if you want you can prevent users from running anything from their home - or see the security parameters on YaST
How, mounting /home noexec, perhaps?
That's a pretty big sledgehammer. Proposed solution would be a bit more nuanced....
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
On Wednesday, 2009-05-06 at 23:06 -0000, Jim Henderson wrote:
If the checksum changes, you alert the user that the checksum changed.
there is a Linux application to do so. I don't remember the name, but I tested it some time ago.
tripwire? I don't see it in webpin, though.
I'm thinking of a kernel feature to trigger events based on file modification. I don't think it's tripwire, when I'm done working today I'll see if I can find it.
No, tripwire doesn't do that. In fact, I can't think of any app doing that. Checking on execution of that file, or checking fulltime for a write access? Now that I think, it is possible to use AppArmor to trigger on any attempt to write to a certain file, the trick was posted here (I'll look it up tomorrow if anybody is interested). But I don't think it could be used to monitor many files.
and if you want you can prevent users from running anything from their home - or see the security parameters on YaST
How, mounting /home noexec, perhaps?
That's a pretty big sledgehammer. Proposed solution would be a bit more nuanced....
Like...?
--
Cheers,
Carlos E. R.
On Fri, 08 May 2009 00:32:13 +0200, Carlos E. R. wrote:
I'm thinking of a kernel feature to trigger events based on file modification. I don't think it's tripwire, when I'm done working today I'll see if I can find it.
No, tripwire doesn't do that. In fact, I can't think of any app doing that. Checking on execution of that file, or checking fulltime for a write access?
I'd found it and wrote in another message what it was - inotify.
and if you want you can prevent users from running anything from their home - or see the security parameters on YaST
How, mounting /home noexec, perhaps?
That's a pretty big sledgehammer. Proposed solution would be a bit more nuanced....
Like...?
Like the solution that's being proposed. :-)
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits