help-cfengine

Re: Security issues


From: Jacob Lee
Subject: Re: Security issues
Date: 02 Jul 2002 12:28:44 -0400

I'm not so much worried about the users as I am an outside intruder - I
cannot be 100% sure that the Windows servers are secure enough to
prevent penetration. The users can do whatever they want, but the vast
majority are new to Linux, and only one or two, whom I trust, are even
at the level of (for example) being able to use ssh. I am more concerned
about making the job easy for an outside intruder: solving for him the
problem of finding other Linux hosts and having to mal-configure each of
them, separately.

I guess sudo would allow the users to do their common tasks (mounting
network drives, setting the system time, etc.) without them knowing the
root password. If users need to do any specific task, they can ask me to
grant them permission. I'm still concerned that it would be possible to
find the password via a number of means, which I hesitate to enumerate
in too much detail - but if the users don't know the root password and
the social engineering problem is eliminated, I may be able to tackle
some of the other problems. The root password can even be different on
each machine so that an attacker who gains one machine does not gain the
others. The password would be a function of the machine name so that the
admins don't end up writing down their passwords =), making this to some
extent security through obscurity; however, it would still create a
significant barrier to an attacker who would now have to crack several
machines until the pattern is discovered.

I think the above will work; I don't know how sudo slipped under my
radar earlier. Thanks for the advice.

On Tue, 2002-07-02 at 11:33, David J. Bianco wrote:
> 
> What you say is true.  If you can modify the cfengine config files,
> you can make the cfagent do whatever you like, so it's important to
> make these files reasonably secure from tampering.  But your problem 
> is much more basic.  Your users know the root password for every machine
> on your network.
> 
> If your root password is that well known, why would they want to use
> cfengine to do their dirty work for them?  Couldn't they just log
> in directly and do whatever they like?  Maybe I'm missing your point,
> but this doesn't sound like a cfengine problem to me.  Don't worry so
> much about locking the back door until you install a front door. 8-)
> 
> Maybe you could investigate a tool like sudo, which can allow you to
> delegate some permissions to other users without giving them full
> root capabilities.  Or if you have Linux 2.4 kernels, you might be 
> able to do the same with capabilities.  Also, lest I not fully answer
> the question you asked, you could use something like LIDS to modify the
> Linux kernel such that not even root can modify files without the proper
> clearance.  Find it at www.lids.org, but I don't really think it'll
> solve your underlying problem.
> 
>       David
> 
> 
> 
> -- 
> David J. Bianco, GSEC         <bianco@jlab.org>
> Thomas Jefferson National Accelerator Facility
> 
>      The views expressed herein are solely those of the author and
>           not those of SURA/Jefferson Lab or the US DOE.
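
A keyed variant of the per-machine root password scheme described in the message above, as an added example that is not part of the original thread: the password is derived from the machine name with HMAC-SHA256 under a master secret held only by the admins, so knowing the rule and several machines' passwords still does not yield the others. The function names, host names and secret are constructed for illustration; `naive_password` stands in for an unkeyed pattern for contrast.

```python
import hashlib
import hmac
import string

# Output alphabet for derived passwords (an assumption; adapt to local policy).
ALPHABET = string.ascii_letters + string.digits
# Largest multiple of len(ALPHABET) below 256, used to avoid modulo bias.
LIMIT = 256 - (256 % len(ALPHABET))


def naive_password(hostname: str) -> str:
    """Unkeyed pattern (hypothetical): the rule itself is the only secret,
    so anyone who infers it can compute the password of every host."""
    return hostname[::-1] + "!" + str(len(hostname))


def derive_password(master_secret: bytes, hostname: str, length: int = 20) -> str:
    """Keyed derivation: password = f(HMAC-SHA256(master_secret, hostname)).
    Admins remember one secret and recompute a host's password on demand;
    without the secret, known passwords of other hosts give no help."""
    if len(master_secret) < 16:
        raise ValueError("master secret must be at least 16 bytes")
    host = hostname.strip().lower().encode("utf-8")
    if not host:
        raise ValueError("hostname must not be empty")
    chars = []
    counter = 0
    while len(chars) < length:
        # A counter extends the output if one HMAC block is not enough.
        msg = host + b"\x00" + counter.to_bytes(4, "big")
        block = hmac.new(master_secret, msg, hashlib.sha256).digest()
        for byte in block:
            # Rejection sampling: skip bytes that would skew the distribution.
            if byte < LIMIT and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        counter += 1
    return "".join(chars)


if __name__ == "__main__":
    secret = b"constructed-master-secret-0001"  # constructed sample value
    for name in ("ws01", "ws02", "ws03"):        # constructed host names
        print(name, naive_password(name), derive_password(secret, name))
```

The master secret becomes the single item to protect: it should live only with the admins and never on the managed machines or in the cfengine configuration files.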




