Re: [FW1] OT: harden solaris




Thank you very much for pointing this out, my bad :)

cheers,
Alexander

Chris Arnold <[email protected]> writes:

> Loopback filesystems are available under Solaris 2.6, 7 and 8.  They're
> quite useful really especially in chroot environments.
> 
> root@impunity: / +> mount
> ...
> /export/home on /dev/dsk/c0t3d0s4 read/write/setuid/intr/largefiles/onerror=panic/dev=80001c on Thu Apr 19 14:03:49 2001
> ...
> root@impunity: / +> mkdir /tmp/a
> root@impunity: / +> mount -F lofs /export/home /tmp/a
> root@impunity: / +> cd /tmp/a
> 
> Chris
> 
> -----Original Message-----
> From: Alexander Hoogerhuis [mailto:[email protected]]
> Sent: Monday, April 16, 2001 6:05 PM
> To: Hartmann, Josef
> Cc: [email protected]
> Subject: Re: [FW1] OT: harden solaris
> 
> 
> 
> 
> As far as I know Solaris 2.[678] doesn't support mounting any kind of
> loopback fs. Feel free to flame me if I am very wrong on this
> point. :)
> 
> Apart from that, there are two ways to do this that should be acceptably
> secure:
> 
> a) use something like /usr/local/bin owned by root:sys with r-x for
> owner only, and have statically linked binaries of whatever you need
> in here.
> 
> b) (my favourite) Always have /root as homedir for root and owned by
> root:sys, and permissions rwx for owner only. Under here you have your
> own /root/bin, again with things statically linked so there are no
> external dependencies.
> 
> Both of these assume it is only root that needs to execute these
> commands, but it could be modified by using a group in the
> /usr/local/bin case to include more users.
> 
> Both of these can easily be implemented in the secure driver for
> jass-0.2 and quite possibly any other way of installing the machine.
> 
> cheers,
> Alexander
> 
> "Hartmann, Josef" <[email protected]> writes:
> 
> > Hi,
> > 
> > thinking about harden solaris but still having a few tools like gzip, snoop
> > etc. I am questioning if solaris can mount an encrypted file using loopback
> > device?
> > 
> > 
> > Thanks
> > Josef
> > 
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> 
> -- 
> Alexander Hoogerhuis
> FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 

-- 
Alexander Hoogerhuis
FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
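
A permission audit for the root-only tool directory described in options (a) and (b) of the quoted message, as an added example that is not part of the original thread. The function names, the default owner UID of 0 and the scratch directory used in the demo are assumptions, and the static-linking check relies on file(1) being installed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and arguments are
# hypothetical; the demo directory at the bottom is constructed.

# check_entry PATH TYPE UID: TYPE is "d" (directory) or "-" (regular file).
# Passes only if PATH is owned by UID and has no group/other permission bits.
check_entry() {
    # ls -ldn prints the mode string (field 1) and numeric owner (field 3)
    ls -ldn "$1" | (
        read -r mode _links owner _rest
        case $mode in
            "$2"???------*) ;;
            *) echo "FAIL $1: mode $mode"; exit 1 ;;
        esac
        [ "$owner" = "$3" ] || { echo "FAIL $1: uid $owner, expected $3"; exit 1; }
    )
}

# audit_tool_dir DIR [UID]: returns 0 only if DIR and every file in it pass.
audit_tool_dir() {
    dir=$1; want_uid=${2:-0}; rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    check_entry "$dir" d "$want_uid" || rc=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        check_entry "$f" - "$want_uid" || rc=1
        # Both options call for statically linked binaries
        if command -v file >/dev/null 2>&1 &&
           file "$f" | grep "dynamically linked" >/dev/null; then
            echo "FAIL $f: dynamically linked"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a scratch directory stands in for /root/bin
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/tool"
chmod 500 "$demo/tool"; chmod 700 "$demo"
audit_tool_dir "$demo" "$(id -u)" && echo "OK: owner-only"
chmod 755 "$demo/tool"
audit_tool_dir "$demo" "$(id -u)" || echo "audit caught the 755 file"
rm -rf "$demo"
```

On a real host the call would be `audit_tool_dir /root/bin` run as root, since an owner-only directory cannot be listed by anyone else.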

