Post AtPMHMbSTOeBs51DlY by [email protected]
Post #AtPBoZJD9i3nL07AC8 by [email protected]
0 likes, 1 repeats
I'm a little rusty when it comes to Linux security, and I think I may have …
Post #AtPCjUUviPIuvHjquO by [email protected]
0 likes, 1 repeats
From what I'm reading, the user is expected to either a) enable IMA manuall…
Post #AtPCony2kt4ukqtFSq by [email protected]
0 likes, 0 repeats
@still You can make a list of all changed files from the original packages. How…
Post #AtPCoo4mLqSx5k2cxk by [email protected]
0 likes, 1 repeats
@skewray that doesn't seem super feasible to monitor
Post #AtPEaq0Oa6TMvgSSGG by [email protected]
0 likes, 0 repeats
The reason why I'm asking is I've been reading a couple of reports, and…
Post #AtPEaq6QDhIFENHGee by [email protected]
0 likes, 1 repeats
The general consensus I'm reading is you're expected to configure dm-ve…
Post #AtPEe091LBpdFC06uu by [email protected]
0 likes, 1 repeats
@still IMA-EVM + an RO filesystem protected with fs-verity is probably the best…
Post #AtPF025MnwYvdQnTs0 by [email protected]
0 likes, 1 repeats
@still this is a great point. This aspect of Linux security is indeed sorely la…
Post #AtPF25ly4D6HeKhnP6 by [email protected]
0 likes, 1 repeats
@lanodan you can remount the fs as rw if needed afaik long as you have root - w…
Post #AtPFhJnQpf0B1333Y0 by [email protected]
0 likes, 0 repeats
@[email protected] I was looking into something similar some time ago and …
Post #AtPFhJvwK1o7RR1qoC by [email protected]
0 likes, 1 repeats
@axel My problem with all of the proposed solutions I've seen thus far is a…
Post #AtPFnX9k4cbmBjRoH2 by [email protected]
0 likes, 0 repeats
@still Know very little about this topic, but from what I understand if you'…
Post #AtPFswlaHYvh46jGGe by [email protected]
0 likes, 1 repeats
https://infosec.exchange/@still/114391292427677855
Post #AtPFxnUeBfELkk7U9o by [email protected]
0 likes, 0 repeats
@deepphilosopher this is unrelated to what I'm talking about - that code si…
Post #AtPGIG3ZhOao8GDHdo by [email protected]
0 likes, 0 repeats
@still Sadly there's no support for executable signatures on Linux afaik. B…
Post #AtPGIGBjD57AXY1nLk by [email protected]
0 likes, 0 repeats
@still I mean there is support for signatures but I'm not sure if anyone us…
Post #AtPGNoBGFp8jPiSHNg by [email protected]
0 likes, 1 repeats
@still 1. Use a package manager that validates packages on installation. Typical…
Post #AtPGSf7RN9vsl1yyiO by [email protected]
0 likes, 0 repeats
@still Figure that Linux is mostly used on servers which are increasingly Kuber…
Post #AtPGSgFdAC4uGip27U by [email protected]
0 likes, 0 repeats
@still (this is not entirely true but is one pretty common dodge of the problem…
Post #AtPGdbu7fJjHyLyQj2 by [email protected]
0 likes, 1 repeats
@still do you know https://docs.redhat.com/en/documentation/red_hat_enterprise_…
Post #AtPGgMmaLMIzwUlKDY by [email protected]
0 likes, 0 repeats
@tjbutt58 #1 does not address the issue of tampered binaries post-installation#…
Post #AtPGgMsxxdPSGHkQAC by [email protected]
0 likes, 1 repeats
@still tampered binaries is why #3
#2 is trivial to automate, but superseded by …
Post #AtPGlzZXYIExh6LKq0 by [email protected]
0 likes, 1 repeats
@w00p AIDE looks fine, but the problem is it's RHEL exclusive afaik?
Post #AtPGmcUErwAmNxA9UO by [email protected]
0 likes, 1 repeats
@still openscap scans, for instance, will validate #2, and can be run daily. Or…
Post #AtPGoDTynxn1PonqKW by [email protected]
0 likes, 0 repeats
@still yeah I think this is one of many ways that Linux desktop security now la…
Post #AtPGoDa0RYbtiVceiu by [email protected]
0 likes, 0 repeats
@still tripwire or some third party EDR are the current solutions
Post #AtPGosHJ7z0xwOBnlo by [email protected]
0 likes, 1 repeats
@still ya
Post #AtPGtzXvX5fFvjP3BY by [email protected]
0 likes, 1 repeats
@still tampered binaries post installation are the reason allow listing tools e…
Post #AtPH1qXkt9tUKE4I1w by [email protected]
0 likes, 1 repeats
@still tools like tripwire/side/ samhain will report tampered binaries too, sam…
Post #AtPH5KIeiA9vTwfHU0 by [email protected]
0 likes, 1 repeats
@still i think it's distro independent: https://aide.github.io/
Post #AtPH8rNWBPAswRcky0 by [email protected]
0 likes, 1 repeats
@w00p ah ok I think this might be feasible then
Post #AtPHLGmFZmstBq6rmS by [email protected]
0 likes, 0 repeats
@[email protected] @[email protected] the "third party too…
Post #AtPHLGsdC3zLVd5xj6 by [email protected]
0 likes, 1 repeats
@qrsbrwn @axel I suppose I just have not run into such systems then. Most of th…
Post #AtPHMYhOQgX93wS7Jg by [email protected]
0 likes, 0 repeats
@tjbutt58 I'll keep this in mind, but I think another problem that stems fr…
Post #AtPHMYmi6umrKQwMbY by [email protected]
0 likes, 1 repeats
@still that's true. Mostly, though, rpm based distros work one way, deb wor…
Post #AtPHY9DT00oRVKyrzc by [email protected]
0 likes, 0 repeats
@still Nope! You could run it as a cron job, I guess? No idea how long it would…
Post #AtPI9ZlNGGRGYKghwO by [email protected]
0 likes, 0 repeats
@still not sure if it's really 'code signing' as such, but Redhat (…
Post #AtPI9Zs6rDpItDq5RI by [email protected]
0 likes, 0 repeats
@aloz1 this sounds like a good solution yeah
Post #AtPIA5e2j3aXQrVIxM by [email protected]
0 likes, 0 repeats
@still the question seems a bit misleading. The concept of binary signing and v…
Post #AtPIYY0SvgIyLPecNc by [email protected]
0 likes, 1 repeats
@still dm-verity might not even be enough. You can still mount an overlay over …
Post #AtPIhnSGrU0sra4Plw by [email protected]
0 likes, 1 repeats
@maubil in many of the incidents we and our peers have seen, they have already …
Post #AtPKLYKyaVsLVwBAoK by [email protected]
0 likes, 1 repeats
Just to be clear - I'm not suggesting binary signing is the way to go or th…
Post #AtPL7LFmXJHcprXMa8 by [email protected]
0 likes, 1 repeats
@still the challenge with linux distros is that enabling this stuff by default …
Post #AtPLthPhRuZlSnEcGe by [email protected]
0 likes, 0 repeats
@[email protected] Yeah, I get that tbh. I've been looking for somethi…
Post #AtPLwWCzZ7OPa3dRFw by [email protected]
0 likes, 0 repeats
@still I really wonder if binary signing would hold, though. You can cause equa…
Post #AtPLxpvRkA551O3aIC by [email protected]
0 likes, 0 repeats
@still in short, the tools are there, but work differently to Windows. Not rely…
Post #AtPLzU9peCC85XZVsO by [email protected]
0 likes, 0 repeats
@kevinriggle @still r/o and noexec filesystem mounts, SystemD ProtectSystem, Pro…
Post #AtPM5vOrH2IEJgfeC0 by [email protected]
0 likes, 0 repeats
@still There have been attempts to do code signing on Linux and ELF supports it…
Post #AtPM9ZFRZl30lw0JtY by [email protected]
0 likes, 0 repeats
@still doesn't an immutable Linux give you that? Or am I misunderstanding t…
Post #AtPMHMbSTOeBs51DlY by [email protected]
0 likes, 0 repeats
@still Debian variants have debsums, but its comparing to a file under /var rkh…
Post #AtPMIfpQTmwtmrB1Hc by [email protected]
0 likes, 0 repeats
@still I think you're looking for immutable distributions, Fedora Silverblu…
Post #AtPOjhG5TEbdwuf1FY by [email protected]
0 likes, 1 repeats
@still @skewray It is trivial for any competent sysadmin and should have been a…
Post #AtPT9JfqBCv09HB7aK by [email protected]
0 likes, 1 repeats
@still @axel I faced the same question and issue some years ago, while performi…
Post #AtPUz2wdisw9HEGbC4 by [email protected]
0 likes, 0 repeats
@still I see, I'm still a bit confused on how this could realistically work…
Post #AtPUz32fMTl1Zv5PaS by [email protected]
0 likes, 0 repeats
@still I guess that the use of a Programmable ROM for the kernel would solve th…
Post #AtPV5oQE7IZAGKKdyy by [email protected]
0 likes, 0 repeats
@vampirdaddy @kevinriggle @still yup, going with "prevent this in the firs…
Post #AtPV8mTnnKkv6hQ66K by [email protected]
0 likes, 0 repeats
@still that's correct. You need complete, static images of the root filesys…
Post #AtPX1719kcgEOcUZMm by [email protected]
0 likes, 0 repeats
@[email protected] @[email protected] AIDE is very good, definitel…
Post #AtPqeOJ3IvXiRGJ1lI by [email protected]
0 likes, 1 repeats
@axel @still Yeah, been using it for years, learnt it from SANS SEC506, an old t…
Post #AtQUULJdZ4KuQzLJuy by [email protected]
0 likes, 1 repeats
@still @axel For me ro-fs+dm/fs-verity is something an Enterprise Linux OS vend…
Post #AtQZzG6hToDv1mqwnw by [email protected]
0 likes, 1 repeats
@still @axel OS vendor support would solve supply, next you need to solve deman…
Post #AujEYSX4oXUeVpK9g0 by [email protected]
0 likes, 0 repeats
@skewray @still, Debian-like systems should have debsums installed. That's …