
Mailing List Archive: Gentoo: Hardened

Honeypot

 

 



nigelenki at comcast

Mar 15, 2005, 7:34 PM


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey!

Dom said he'd try to get me some hardware with shell access to run a
honeypot on. I'm thinking, Hardened Gentoo, base ~9 months back on
software, run some servers and such, connect to IRC and AIM, etc. The
idea is to see how well it holds up under real pressure -- the box
should be public. It'll be a target for attack for anyone who wants to
bork it up.

I don't have a formal design right now; I think open firewall to the box
with h-d-s continuously updated and software from a 9 month back copy of
the portage tree (CVS anyone? I need help doing this) should be
sufficient to get some attention. I'll also set up a jail with free
root (ssh) to test out grsecurity's chroot() restrictions -- have fun.

If any of the hardened guys have ideas or want to help me set some stuff
up, like an apache server explaining what's going on here, send me a
mail and we'll see what goes on.

Currently my plan is:

PaX and GrSecurity:
- CVS down 9 month old portage (someone help me with this one?)
- Grab the latest compiler and h-d-s ebuilds
- install the system
- emerge hardened-dev-sources
- Harden the box down as much as possible in kernel -- NO MAC

GrSecurity Chroot:
- Set up a chroot jail
- Free root: ssh root, password gentoo
- Have fun breaking that one

There are other considerations though:

- X-chat and Gaim should be wired up to everything
- Mozilla should be remote controlled by CGI scripts
- Some services should be running
- How do we find out when an attack happened??

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCN5sdhDd4aOud5P8RArp0AJ9m9iLp1Vrca8IClYnY9w+zTCYIsACeKyjg
kfBynFhk6xh1EHhPK6ZcNZo=
=faoq
-----END PGP SIGNATURE-----

--
gentoo-hardened [at] gentoo mailing list
