You are not logged in.
- Topics: Active | Unanswered
#1 2010-12-11 11:38:17
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,729
- Website
securing arch linux article on rollingrelease.com
http://rollingrelease.com/system/2010/1 … omment-122
What do people think about r4is3's suggestions? I noticed the default permissions for many of these locations are 755. ...wouldn't changing /usr to 700 knock out access to all /usr/bin/foo?
Last edited by graysky (2010-12-11 11:39:22)
Offline
#2 2010-12-11 12:02:17
- dyscoria
- Member
- Registered: 2008-01-10
- Posts: 1,007
Re: securing arch linux article on rollingrelease.com
Yep, have fun not being able to use any programs at all unless logged in as root.
To be honest though, local access is not protected by any of these measures. System encryption is required, which is not mentioned at all in this article. 
Vulnerabilities in a web server or application that result in root privileges are not protected by any of these measures. Mandatory access control is required, which is not mentioned at all in the article
Pretty poor article in terms of securing linux...
Last edited by dyscoria (2010-12-11 12:24:30)
flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)
Offline
#3 2010-12-11 13:46:51
- madeye
- Member
- From: Denmark
- Registered: 2006-07-19
- Posts: 331
- Website
Re: securing arch linux article on rollingrelease.com
If you check the comments on the article page you will see that both technologies are mentioned. But as I have no experience with either encryption or MAC, I felt it would be better for qualified personnel to write a separate article about those subjects. 
Following the suggestion in the comments a wiki page has been made. Please feel free to add any information you can to that page. That way we can expand and heighten the security in our distro.
MadEye | Registered Linux user #167944 since 2000-02-28 | Homepage
Offline
#4 2010-12-11 14:00:15
- dyscoria
- Member
- Registered: 2008-01-10
- Posts: 1,007
Re: securing arch linux article on rollingrelease.com
True, they are mentioned in the comments, but I would have thought at least a passing mention in the article would suffice. But not to worry, thanks for helping to highlight the importance of security!
flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)
Offline
#5 2010-12-11 14:24:19
- .:B:.
- Forum Fellow
- Registered: 2006-11-26
- Posts: 5,819
- Website
Re: securing arch linux article on rollingrelease.com
I can only guess he didn't test those permissions himself. If he did, I'm pretty sure he would have reinstalled to 'solve' it.
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline