
Re[3]: [cobalt-users] wish to Cobalt: suppressing "sensitive" information



Just for the polemic...

Even if you suppress this information you can still find
interesting things using the Nmap TCP fingerprint function.

One good thing would be cobalt releasing a package for the people,
like us, who are aware of security policies...

I found myself modifying a Cobalt (mainly the default HTML pages)
for security reasons (too much information on them).

I know obscurity is not good security, but if a bug exists in a
particular version of sendmail or qpopper, it's maybe not a good
idea to say "Hey we are using this version, yes you know the bugged
one, so you can use this exploit on me".

If no info is given, it leaves the hacker guessing what you are using...

Giving you some time to react.

We should have a package which
- suppresses version info
- suppresses default HTML pages with 404 or forbidden (404 is best)
- adds more logging (/var is on a separate partition, so no problem with that; the worst which can happen is to stop logging... we can deal with that => LOG ROTATE)
- maybe hacks the kernel for that damn TCP/IP fingerprint
- hacks the kernel for the security patch (yes, there are enhancements of the security)
- puts /tmp on a separate partition !!!!!! (we can fill / with that !!!!!!!)
- lots of other things (try Bastille Linux on a regular Linux... almost good!)
- a jail or a chroot for the people who need telnet on the Cobalt (yes, they can look at other people's HTML code... PHP code, really bad !!!!!!!!); they shouldn't have the possibility to go out of their directory !!!! (maybe a reorganization of the site directory...)

We don't want a firewall, we want a more security aware box !!!!!
We have a firewall in front of them but we can't suppress every access !!!

In fact, if Cobalt's security patching policy were more aggressive
and made more informative, we would have fewer problems...

(Forgive my bad English, I'm French.)


_______________________________________________________________
>ISION FRANCE
Jérôme Tytgat    -    System and Network security Administrator
mailto:j.tytgat@xxxxxxxx    	              http://www.ision.fr
_______________________________________________________________
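
As an added example (not part of the original message or of any Cobalt package), the following sketch audits service greetings for the version disclosure discussed above. The banners are constructed samples, and the function names and the regular expression are assumptions of this example; the heuristic only catches dotted version numbers.

```python
import re

# Constructed sample greetings, not captured from any real host.
SAMPLE_BANNERS = {
    "smtp": "220 mail.example.test ESMTP Sendmail 8.9.3/8.9.3; "
            "Mon, 1 Jan 2001 10:00:00 +0100",
    "pop3": "+OK QPOP (version 2.53) at mail.example.test starting.",
    "http": "Server: Apache/1.3.6 (Unix) PHP/3.0.12",
    # The same services after version info has been suppressed.
    "smtp_quiet": "220 mail.example.test ESMTP",
    "http_quiet": "Server: Apache",
}

# Heuristic: a product token, a separator (space, "/" or "("), an optional
# "version " or "v" marker, then a dotted version number such as 8.9.3.
# Single-number versions ("Foo/2") are deliberately not matched.
VERSION_RE = re.compile(
    r"\b(?P<product>[A-Za-z][\w+-]*)"
    r"[\s/(]+(?:version\s+|v)?"
    r"(?P<version>\d+(?:\.\d+)+\w*)"
)


def disclosed_versions(banner):
    """Return [(product, version), ...] found in one banner line."""
    return [(m.group("product"), m.group("version"))
            for m in VERSION_RE.finditer(banner)]


def audit(banners):
    """Map service name -> findings, only for services that leak a version."""
    report = {}
    for service, banner in banners.items():
        found = disclosed_versions(banner)
        if found:
            report[service] = found
    return report


if __name__ == "__main__":
    for service, found in audit(SAMPLE_BANNERS).items():
        leaks = ", ".join(f"{p} {v}" for p, v in found)
        print(f"{service}: discloses {leaks}")
```

A clean report here only means the banner no longer names a version; as the message notes, TCP/IP stack fingerprinting is unaffected by banner changes.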