Author: Preston St. Pierre
One type of security that must be discussed is ‘security through obscurity’. This means doing something like changing the login name from ‘root’ to ‘toor’ to try to keep someone from breaking into your system as root. Such a measure may be thought of as a false sense of security, and can result in very unpleasant and unexpected consequences.
However, it can also be used to your benefit if done properly. If you tell all the users who are authorized to use the root account on your machines to use the root equivalent instead, entries in /var/log/secure for the real root user would surely indicate an attempted break-in, giving you some advance notice. You’ll have to decide if this advantage outweighs the additional administration overhead.
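A sketch of the check described above, added here as an example and not taken from the guide: it scans /var/log/secure-style lines for any authentication event that names root, assuming authorized admins log in as the root equivalent (here ‘toor’). The sample lines, hostnames and addresses are constructed, and the sshd and PAM message formats are assumptions that vary by version.

```python
import re
from collections import Counter

# Constructed sample in the style of /var/log/secure; hosts, users and
# addresses are made up. "toor" is the root equivalent the admins use.
SAMPLE_LOG = """\
Sep 15 02:11:40 host1 sshd[2211]: Failed password for root from 192.0.2.44 port 40112 ssh2
Sep 15 02:11:43 host1 sshd[2211]: Failed password for root from 192.0.2.44 port 40112 ssh2
Sep 15 08:30:02 host1 sshd[2950]: Accepted password for toor from 198.51.100.7 port 51514 ssh2
Sep 15 09:02:17 host1 sshd[3001]: Failed password for invalid user rooter from 192.0.2.44 port 40290 ssh2
Sep 15 09:15:51 host1 su: pam_unix(su:auth): authentication failure; logname=alice uid=500 euid=0 tty=pts/1 ruser=alice rhost=  user=root
Sep 15 11:47:09 host1 sshd[3344]: Accepted password for root from 203.0.113.9 port 60022 ssh2
"""

SSHD = re.compile(r"sshd\[\d+\]: (Failed|Accepted) \S+ for "
                  r"(?:(?:invalid|illegal) user )?(\S+) from (\S+)")
PAM = re.compile(r"authentication failure;.*\sruser=(\S*).*\suser=(\S+)")

def root_auth_events(lines, watched="root"):
    """Return (timestamp, outcome, source) for each auth event naming `watched`."""
    events = []
    for line in lines:
        m = SSHD.search(line)
        if m:
            outcome, user, source = m.group(1).lower(), m.group(2), m.group(3)
        else:
            m = PAM.search(line)
            if not m:
                continue
            outcome, user, source = "failed", m.group(2), "local:" + m.group(1)
        if user == watched:  # exact match, so "rooter" or "toor" never alert
            events.append((line[:15], outcome, source))
    return events

def summarize(events):
    """Failed attempts per source, plus any successful logins (worst case)."""
    failed = Counter(src for _, outcome, src in events if outcome == "failed")
    accepted = [e for e in events if e[1] == "accepted"]
    return failed, accepted

if __name__ == "__main__":
    failed, accepted = summarize(root_auth_events(SAMPLE_LOG.splitlines()))
    for src, n in failed.most_common():
        print(f"WARN  {n} failed root attempt(s) from {src}")
    for ts, _, src in accepted:
        print(f"ALERT root login succeeded at {ts} from {src}")
```

Because no authorized user should ever authenticate as root under this scheme, a successful root login is treated as the most serious finding, separate from the per-source count of failures.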
In most cases, though, any system attacker will quickly see through such empty security measures. Simply because you may have a small site or a relatively low profile does not mean an intruder won’t be interested in what you have. We’ll discuss what you’re protecting in the next sections.
Excerpt from the LinuxSecurity Administrator’s Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@guardiandigital.com)
LinuxSecurity Feature Extras:
AIDE and CHKROOTKIT – Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.
An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code – Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.
Security Expert Dave Wreski Discusses Open Source Security – Dave Wreski, CEO of Guardian Digital, Inc. and respected author of various hardened security and Linux publications, talks about how Guardian Digital is changing the face of IT security today. Guardian Digital is perhaps best known for their hardened Linux solution EnGarde Secure Linux, touted as the premier secure, open-source platform for its comprehensive array of general purpose services, such as web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.
Linux Advisory Watch is
a comprehensive newsletter that outlines the security vulnerabilities that have
been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
Distribution: Conectiva
9/10/2004 | wv | Fix for buffer overflow vulnerability | iDefense discovered a buffer overflow vulnerability in the wv library.
9/13/2004 | kde | Fix for multiple security vulnerabilities | This announcement fixes several vulnerabilities.
9/13/2004 | zlib | Fix for denial of service vulnerabilities | A denial of service vulnerability was discovered in the zlib compression

Distribution: Debian
9/14/2004 | webmin | insecure temporary directory | Ludwig Nussel discovered a problem in webmin, a web-based administration
9/15/2004 | cupsys | denial of service | Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX

Distribution: Fedora
9/10/2004 | imlib-1.9.13-15.fc Security update (core1) | denial of service | Several heap overflow vulnerabilities have been found in the imlib BMP image
9/13/2004 | samba | DoS (Core 1) | Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808.
9/13/2004 | samba | DoS (Core 2) | Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808.
9/15/2004 | gdk-pixbuf vulnerabilities (Core 1) | DoS (Core 2) | Several vulnerabilities
9/15/2004 | gtk2 | vulnerabilities (Core 2) | Several vulnerabilities.
9/15/2004 | gdk-pixbuf vulnerabilities (Core 2) | vulnerabilities (Core 2) | Several vulnerabilities.
9/15/2004 | gtk2 | vulnerabilities (Core 2) | Several vulnerabilities.

Distribution: Gentoo
9/15/2004 | gallery | arbitrary command execution | An attacker could run arbitrary code as the user running PHP.
9/15/2004 | Mozilla, Firefox, Thunderbird, Galeon, Epiphany vulnerabilities | arbitrary command execution | Security roll-up.
9/10/2004 | samba | remote printing vulnerability | After further verifications, it appears that a remote user can only deny
9/12/2004 | webmin, usermin multiple vulnerabilities | remote printing vulnerability | There is an input validation bug in the webmail feature of Usermin. Additionally,
9/13/2004 | samba | denial of service vulnerabilities | There is a defect in smbd’s ASN.1 parsing. Another defect was found in nmbd’s
9/14/2004 | sus | local root vulnerability | Leon Juranic found a bug in the logging functionality of SUS that can lead
9/14/2004 | cdrtools | local root vulnerability | Max Vozeler discovered that the cdrecord utility, when set to SUID root,

Distribution: Mandrake
9/13/2004 | samba | multiple vulnerabilities | Two vulnerabilities were discovered in samba 3.0.x.
9/15/2004 | squid | denial of service | A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed
9/15/2004 | printer-drivers vulnerability | denial of service | The foomatic-rip filter, which is part of foomatic-filters package, contains
9/15/2004 | gdk-pixbuf image loading vulnerabilities | denial of service | A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image
9/15/2004 | apache2 | multiple vulnerabilities | Two Denial of Service conditions were discovered in the input filter of
9/15/2004 | cups | denial of service | Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print

Distribution: Red Hat
9/15/2004 | mod_ssl | security flaw | Updated httpd packages that include a security fix for mod_ssl and various
9/15/2004 | openoffice.org resolve security issue | security flaw | Secunia Research reported an issue with the handling of temporary files.
9/15/2004 | gdk-pixbuf security flaws | security flaw | Several vulnerabilities.
9/15/2004 | cups | security vulnerability | Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing
9/15/2004 | httpd | security issues | Updated httpd packages that include fixes for security issues are now available.
9/15/2004 | mc | security vulnerabilities | An updated mc package that resolves several shell escape security issues
9/15/2004 | imlib | security vulnerability | An updated imlib package that fixes several heap overflows is now available.
9/15/2004 | gtk2 | security flaws and bugs | Updated gtk2 packages that fix several security flaws and bugs are now available.

Distribution: Slackware
9/13/2004 | samba | DoS | New samba packages are available for Slackware 10.0 and -current. These

Distribution: Suse
9/15/2004 | cups | remote code execution | Alvaro Martinez Echevarria has found a remote Denial of Service condition
9/15/2004 | apache2 | remote denial-of-service | The Red Hat ASF Security-Team and the Swedish IT Incident Center within

Distribution: Trustix
9/14/2004 | multi | Multiple bugfixes | Security roll-up