Lines Matching +full:run +full:- +full:control

47 multi-user systems have some inherent security, the job of building and
60 As yesterday's mini-computers and mainframes
74 .Bl -enum -offset indent
89 Typically, DoS attacks are brute-force mechanisms that attempt
99 Brute-force network attacks are harder to deal with.
100 A spoofed-packet attack, for example, is
107 sysadmins still run
114 The result is that if you have any moderate-sized user base,
137 may find a bug in a root-run server and be able to break root over a network
138 connection to that server, or the attacker may know of a bug in an SUID-root
152 Security remedies should always be implemented with a multi-layered
155 .Bl -enum -offset indent
159 Securing root \(em root-run servers and SUID/SGID binaries
271 the machines which run the Kerberos servers and your desktop workstation.
279 .Xr ssh-keygen 1 .
281 to star-out the passwords for staff accounts also guarantees that staff
294 you should run as few servers as possible, up to and including no servers
295 at all, and you should run a password-protected screen blanker.
299 consider the fact that the vast majority of break-ins occur remotely, over
311 re-passwording restrictions with Kerberos: not only can a Kerberos ticket
315 .Sh SECURING ROOT \(em ROOT-RUN SERVERS AND SUID/SGID BINARIES
317 Be aware that third party servers are often the most bug-prone.
325 Never run a server that you have not checked
327 Many servers do not need to be run as root.
334 daemons can be run in special user
343 virtually every server ever run as root, including basic system servers.
363 There are a number of other servers that typically do not run in sandboxes:
372 You may have to run these
373 servers as root and rely on other mechanisms to detect break-ins that might
376 The other big potential root hole in a system are the SUID-root and SGID
385 the system-default SUID and SGID binaries can be considered reasonably safe.
393 binaries that only staff should run to a special group that only staff can
401 If an intruder can break an SGID-kmem binary the
417 program or emulator with a keyboard-simulation feature, the intruder can
420 is then run as that user.
424 draconian access restrictions on your staff and *-out their passwords, you
427 you do have sufficient control then you may win out and be able to secure the
436 The only sure fire way is to *-out as many passwords as you can and
443 attacker cannot obtain root-write access.
460 An intruder will commonly attempt to run a packet sniffer
482 To avoid these problems you have to run
500 script files \(em everything that gets run
505 run the system at a higher security level but not set the
514 read-only.
516 what you attempt to protect may prevent the all-important detection of an
520 Any super-user process can raise the level, but no process
523 .Bl -tag -width flag
524 .It Ic -1
525 Permanently insecure mode \- always run the system in insecure mode.
528 Insecure mode \- immutable and append-only flags may be turned off.
531 Secure mode \- the system immutable and system append-only flags may not
554 Highly secure mode \- same as secure mode, plus disks may not be
561 while the system is multi-user.
568 Network secure mode \- same as highly secure mode, plus
585 configuration and control files so much before the convenience factor
610 limited-access system.
611 Writing your security scripts on the extra-secure limited-access system
614 limited-access box significant access to the other machines in the business,
615 usually either by doing a read-only NFS export of the other machines to the
616 limited-access box, or by setting up SSH keypairs to allow the limited-access
622 limited-access server is connected to the client boxes through a switch,
624 If your limited-access server
626 of routing, the NFS method may be too insecure (network-wise) and using SSH
627 may be the better choice even with the audit-trail tracks that SSH lays.
629 Once you give a limited-access box at least read access to the client systems
639 the client-box files at least once a
640 day, and to test control files such as those found in
646 information the limited-access machine knows is valid, it should scream at
659 the scripts to the client box in order to run them, making them visible, and
677 If you have a huge amount of user disk space it may take too long to run
689 week, since the object of this layer is to detect a break-in whether or
690 not the break-in is effective.
695 is a relatively low-overhead feature of
696 the operating system which I recommend using as a post-break-in evaluation
700 the break-in occurs.
707 break-in.
708 One way to keep a permanent record of the log files is to run
727 .Bl -enum -offset indent
754 Note that spoofed-IP attacks will circumvent
760 Some standalone servers have self-fork-limitation parameters.
779 It is also prudent to run
785 and to run the daemon
787 separate from the queue-runs
789 If you still want real-time delivery you can run the queue
808 with connect-back services such as tcpwrapper's reverse-identd, which can
810 You generally do not want to use the reverse-ident
817 services from network-based root compromise.
823 ports A, B, C, D, and M-Z
830 and other internet-accessible services.
838 high-numbered port range on the firewall to allow permissive-like operation
843 control the range of port numbers used for dynamic binding via the various
853 internet-accessible ports, of course).
902 .Xr inetd 8 Ns -internal
943 key-forwarding in the SSH configuration, or that you make use of the
959 with backwards-compatibility shims to accept the existing names.
967 .Bl -tag -width security.bsd.unprivileged_proc_debug
980 sub-jails.
982 When enabled, unprivileged users are only allowed to send job control
990 Controls availability of the process debugging facilities to non-root users.
996 Tunable, amd64-only.
998 tables are sanitized to prevent so-called Meltdown information leak on
1009 cross-process ret2spec attacks.
1026 Controls force-flush of L1D cache on return from syscalls which report
1041 Controls force-flush of L1D cache on NMI;
1060 and do not serialize off-core memory accesses.
1062 Controls system-global Address Space Layout Randomization (ASLR) for
1063 normal non-PIE (Position Independent Executable) 32-bit ELF binaries.
1067 mode, also affected by the per-image control note flag.
1069 Controls system-global Address Space Layout Randomization for
1070 position-independent (PIE) 32-bit binaries.
1075 Enable randomization of the stack for 32-bit binaries.
1079 ASLR control for 64-bit ELF binaries.
1081 ASLR control for 64-bit ELF PIEs.
1083 ASLR sbrk compatibility control for 64-bit binaries.
1085 Controls stack address randomization for 64-bit binaries.
1087 Enables non-executable stack for 32-bit processes.
1090 Enables non-executable stack for 64-bit processes.
1093 32-bit processes.
1096 64-bit processes.
1107 .Xr xdm 1 Pq Pa ports/x11/xorg-clients ,