Re: HW and SW threats: how to block?


 



On 04/10/2018 01:03 PM, Rick Stevens wrote:
> 4. Use a highly restrictive firewall. Mine's set up so that NOTHING
> unsolicited gets in except ssh from specific IPs and DNS responses.


That's a good idea, but remember, DNS responses aren't unsolicited; they're replies to queries you sent out.

> 5. Don't disable SELinux. This may be a pain, but it can catch some
> nasty stuff.

And not just malicious code, either. SELinux used to prevent Google Earth from running because of something called "text redirection." Looking it up, it's a way to hook into an interrupt so that your code gets executed first, then the regular code. This was a common way to hook in TSR programs back in the MS-DOS days, and several could be daisy-chained to the keyboard interrupt. Not only is it a way to add malware to a program, it can cause strange problems if the program crashes and/or doesn't clean up properly on exit. I'm not accusing Google of offering malware, just of using outmoded methods to connect their programs to the system. Later, of course, they cleaned up their act and SELinux stopped blocking them. It also caused problems with one BOINC project about a decade or so ago because it was trying to walk *all* of /proc for no good reason. Enough of us reported it that the maintainers pulled it until they could fix the bug. Again, not malware, but still something that needed correcting.