File monitoring and Obfuscation

ralphbsz said:
That's the thing I was thinking about! Thank you.
Click to expand...
And

FreshPorts -- security/aide: File and directory integrity checker

AIDE is Advanced Intrusion Detection Environment, a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message...
www.freshports.org www.freshports.org

FreshPorts -- security/lynis: Security and system auditing tool

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...
www.freshports.org www.freshports.org
 
gpb said:
Security in Linux and BSD hasn't really changed since UNIX was created.
Click to expand...
While I agree that Plan 9 was actually designed from the lessons of the past ...

Unixes have changed a lot. ACLs, capabilities, secure levels, SELinux, encrypted disks, jails/VMs/..., leaving empty pages at the end of stacks and heaps, protecting executable code against being written, ...
And people have started paying attention to it. Like auditing code, testing, having government standards, ...

So it has changed a lot since Dennis and Ken.
 
On Solaris you can have two (or more) human persons share the traditional root (administrator) account. I.e. one can do some tasks (roughly related to what would be allowed for members of the operator group), but all other wheel members can see a log, and vital tasks need to be allowed rubber-stamped by both/all admins. Similar to the procedure to fire an atomic missile. Don't know how to do that on FreeBSD. IMHO that would be a really useful enhancement. EDIT IIRC that is called roles, i.e. you can make the root account a role. Then you can not log in as root anymore, but take that role when you need it.
 
That's correct, RBAC is its name. And it's even more fine grained than you mention. You can basically eliminate root usage entirely. Anyone interested can read up about it. Is there anything similar in FreeBSD? Unfortunately not, more's the pity. It would be a major task to undertake, given it relies on shells, programs and the kernel to be modified. More doable on *BSD than say Linux, though.

I've administered it in the past, and it's a bit of a headache to set up but once set up you can give someone the role of printer administrator, access to just the web server etc. In environments with tight security enforcement its well liked.
 
You must log in or register to reply here.
Back
Top