Re: [FW1] OT: harden solaris
As far as I know Solaris 2.[678] doesn't support mounting any kind of loopback fs. Feel free to flame me if I am very wrong on this point. :)

Apart from that, there are two ways to do this that should be acceptably secure:

a) use something like /usr/local/bin owned by root:sys with r-x for owner only, and have statically linked binaries of whatever you need in here.

b) (my favourite) Always have /root as homedir for root and owned by root:sys, and permissions rwx for owner only. Under here you have your own /root/bin, again with things statically linked so there are no external dependencies.

Both of these assume it is only root that needs to execute these commands, but it could be modified by using a group in the /usr/local/bin case to include more users.

Both of these can easily be implemented in the secure driver for jass-0.2 and quite possibly any other way of installing the machine.

cheers,
Alexander

"Hartmann, Josef" <[email protected]> writes:

> Hi,
>
> thinking about harden solaris but still having a few tools like gzip, snoop
> etc. I am questioning if solaris can mount an encrypted file using loopback
> device?
>
> Thanks
> Josef
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
Alexander Hoogerhuis
FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
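
A check for options (a) and (b) in the reply above, as an added example that is not part of the original message: a POSIX shell function that verifies a tools directory's mode, owner and group from `ls -ld`, and flags files that are group/other writable or that file(1) reports as dynamically linked. The function name `audit_tool_dir` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a root-only tools directory.
# Usage: audit_tool_dir DIR MODE [OWNER] [GROUP]
#   MODE is the expected `ls -ld` string: dr-x------ for option (a),
#   drwx------ for the /root home directory in option (b).
# The function name and argument order are assumptions made for this example.
audit_tool_dir() {
    dir=$1; want_mode=$2; want_owner=${3:-root}; want_group=${4:-sys}; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # Parse `ls -ld` rather than stat(1), which is not portable across Unixes.
    # substr() drops a trailing ACL marker such as "+" or ".".
    set -- $(ls -ld "$dir" | awk '{print substr($1,1,10), $3, $4}')
    [ "$1" = "$want_mode" ] || { echo "FAIL: $dir mode $1, want $want_mode"; rc=1; }
    [ "$2" = "$want_owner" ] || { echo "FAIL: $dir owner $2, want $want_owner"; rc=1; }
    [ "$3" = "$want_group" ] || { echo "FAIL: $dir group $3, want $want_group"; rc=1; }

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        set -- $(ls -ld "$f" | awk '{print substr($1,1,10), $3}')
        [ "$2" = "$want_owner" ] || { echo "FAIL: $f owner $2, want $want_owner"; rc=1; }
        case $1 in
            ?????-??-?) ;;   # no write bit for group or other
            *) echo "FAIL: $f mode $1 is group/other writable"; rc=1 ;;
        esac
        # file(1) reports "dynamically linked" for ELF binaries that need the
        # runtime linker; the check is skipped when file(1) is not installed.
        if command -v file >/dev/null 2>&1 &&
           file "$f" | grep 'dynamically linked' >/dev/null; then
            echo "FAIL: $f is dynamically linked"; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $dir"; fi
    return "$rc"
}

# Run as a script, e.g.: ./audit.sh /usr/local/bin dr-x------
if [ "$#" -ge 2 ]; then audit_tool_dir "$@"; fi
```

For the group variant mentioned in the reply, pass the wider mode string and the group name, for example `dr-xr-x---` with the chosen group as the fourth argument.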