[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: daemons

I would be interesing for you to take a look at www.bastille-linux.org. These
are also scripts that secures the system. Also there is some library
lib*safe.so. I don't remember the exact name. It encapsulates the known
vulnarable calls such as strcpy with safe version. So that even if some program
is not patched, they can not be exploited, as excution of such calls is routed
to safe versions.

Also take a look at LIDS, Linux intrusion detection systems at www.lids.org. It
makes the system virtually bulletproof. Although that does not grant the
sysadmin, the right of being stupid.



Dwivedi Ajay kumar wrote:

> On Mon, 31 Jul 2000, Sharad Joshi wrote:
> >> + i make a program differentiate between a normal setuid program (chfn,
> >> + passwd ) and a buffer overflow exploit ( pam.sh , sendmail exploit?
> >