
A.24 Chapter 23: Protecting Against Programmed Threats

  • Be extremely careful about installing new software. Never install binaries obtained from untrustworthy sources.

  • When installing new software, do not unpack or compile it as root. Consider building it in a chroot environment. Install it first on a noncritical system on which you can test it and observe any misbehavior or bugs.

  • Run integrity checks on your system on a regular basis (see Chapter 20).

  • Don't include nonstandard directories in your execution path.

  • Don't leave any bin or library directories writable by untrustworthy accounts.

  • Set permissions on commands to prevent unauthorized alteration.

  • Scan your system for any user home directories or dot files that are world-writable or group-writable.

  • Don't leave untrusted floppies in the floppy drive.

  • If you suspect a network-based worm attack or a virus in widely circulated software, contact a FIRST (Forum of Incident Response and Security Teams) member team or the vendor to confirm the incident before sounding any alarm.

  • If you are attacked by a network-based worm, sever your network connections immediately.

  • Never write or use SUID or SGID shell scripts unless you are a hoary Unix wizard.

  • Disable terminal answer-back, if possible.

  • Never have "." (the current directory) in your search path. Never have writable directories in your search path.

  • When running as the superuser, get in the habit of typing full pathnames for commands.

  • Check how your xargs and find commands behave with filenames that contain spaces, newlines, or shell metacharacters. Review the use of these commands (and the shell) in all scripts executed by cron.

  • Watch for unauthorized modification to initialization files in any user or system account, including editor startup files, .forward files, etc.

  • Periodically review all system startup and configuration files for additions and changes.

  • Periodically review mailer alias files for unauthorized changes.

  • Periodically review configuration files for server programs (e.g., inetd.conf).

  • Check the security of your at program, and disable the program if necessary.

  • Verify that any files run from the cron command files cannot be altered or replaced by unauthorized users.

  • Don't use the vi or ex editors in a directory without first checking for a Trojan .exrc file. Disable the automatic evaluation of file-local variables (the automatic command execution feature) in GNU Emacs.

  • Make sure that the devices used for backups are not world-readable.

  • Make sure that any shared libraries are properly protected and that protections cannot be overridden.
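The following shell script is an added example, not code from the book, that mechanizes two of the checks in this list: the search-path items (no ".", no empty or relative entries, no directories writable by untrusted accounts) and the scan for group- or world-writable home directories and dot files. The function names are the editor's own; it assumes only a POSIX shell and a find that understands -mindepth/-maxdepth (GNU or BSD).

```sh
#!/bin/sh
# Added example, not from the book: audit the search path and home
# directories for the conditions the checklist warns about.
# Function names (audit_path, find_writable_dotfiles) are assumptions
# made for this example; the only tools used are sh and find.

# audit_path PATHSTRING
# Prints "<entry>: <reason>" for each risky entry. Returns 0 if the path
# is clean, 1 otherwise. Nonexistent entries are reported but not counted.
audit_path() {
    _p=$1
    _bad=0
    # A leading, trailing or doubled ":" is an empty entry, which the
    # shell treats as the current directory.
    case "$_p" in
        :*|*:|*::*) echo "(empty entry): current directory implied"; _bad=1 ;;
    esac
    _old_ifs=$IFS
    IFS=:
    for _d in $_p; do
        [ -z "$_d" ] && continue          # already reported above
        case "$_d" in
            .)  echo "$_d: current directory"; _bad=1; continue ;;
            /*) ;;
            *)  echo "$_d: relative path"; _bad=1; continue ;;
        esac
        if [ ! -d "$_d" ]; then
            echo "$_d: does not exist"
            continue
        fi
        # -prune stops find from descending: only the directory's own mode
        # bits are tested. The shell's -w test would be wrong here; it asks
        # whether *we* can write, not whether an untrusted account can.
        if [ -n "$(find "$_d" -prune -perm -002 -print)" ]; then
            echo "$_d: world-writable"; _bad=1
        elif [ -n "$(find "$_d" -prune -perm -020 -print)" ]; then
            echo "$_d: group-writable"; _bad=1
        fi
    done
    IFS=$_old_ifs
    return $_bad
}

# find_writable_dotfiles HOMEDIR...
# Prints each home directory, and each dot file or dot directory directly
# inside it, that is group- or world-writable. Returns 1 if any were found.
find_writable_dotfiles() {
    _found=0
    for _h in "$@"; do
        [ -d "$_h" ] || continue
        _hits=$(
            find "$_h" -prune \( -perm -002 -o -perm -020 \) -print
            find "$_h" -mindepth 1 -maxdepth 1 -name '.*' \
                 \( -perm -002 -o -perm -020 \) -print
        )
        if [ -n "$_hits" ]; then
            echo "$_hits"
            _found=1
        fi
    done
    return $_found
}

# Stand-alone use:  sh audit.sh /home/*
# audits the caller's $PATH and then the named home directories.
if [ "$#" -gt 0 ]; then
    audit_path "$PATH"
    find_writable_dotfiles "$@"
fi
```

Group-writable entries are flagged as well as world-writable ones; whether a group-writable bin directory is acceptable depends on who is in that group, so treat those findings as items to review rather than automatic faults. Run the script as the superuser (with a full pathname, as the list advises) so that every home directory is readable.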
