Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: AW: AW: [suse-security] SuSE security reputation, etc..
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Sun, 6 Aug 2000 04:33:28 -0600
  • Message-id: <002601bfff91$c2dd7f60$6900030a@xxxxxxxxxxxx>
> I've actually seen a new directory of "...", designed
> be overlooked with the usual "." and ".." at the top.
> I've also heard mention of ".^H" or ".<rubout>" but am
> not sure how a person either creates or uses such a
> directory. Also, *heavily* scrutinize /tmp! This is
> ESPECIALLY imperative if anyone hasn't responded to the
> recent SuSE advisory regarding aaabase (where a few users,
> such as "nobody" have /tmp as their home directory).
> In this case, look for "/tmp/.bashrc".

Another reason to put /tmp on it's own filesystem. When you want to really
super purge it you can format the puppy, or to be super paranoid run
something like wipe on the partition.

> Often, the best approach, when a user account has
> been compromised, is to back it (and /tmp) up to a
> secure location, re-initialize it and /tmp, and then
> give the user their data files, one at a time, after
> carefully examining them.

Any user writeable area too, mailspool, etc.

find / -perm +0002 -print

> Hope this helps.
>
> Best regards,
>
> Ken Parker

Comment on sendmail: USE POSTFIX! =)

-Kurt



< Previous Next >
References