Fix some permissions on your server to prevent from Exploits

Some exploits will try to use unix resources to download rootkits and other bad files to your system. You can deny it fixing some permissions on that resources.

Trick: Make a backup of /usr/bin, /usr/sbin, /bin, /sbin
You will be able to replace it if you detected some infected file with rkhunter or chrootkit.
Read this:
How to Install Rkhunter
How to Install Rootcheck

# chmod 700 /usr/bin/rcp
# chmod 700 /usr/bin/wget
# chmod 700 /usr/bin/lynx
# chmod 700 /usr/bin/links
# chmod 700 /usr/bin/scp
# chmod 000 /etc/httpd/proxy/
# chmod 000 /var/mail/vbox
# chmod 700 /usr/bin/mc
# chmod 700 /usr/bin/elinks
# chmod 700 /usr/bin/lwp-download
# chmod 700 /usr/bin/GET
# chmod 700 /usr/bin/curl

You can also block all *cc compilers on /usr/bin to permit only root user to use compilers:
# cd /usr/bin/
# ls -l
# chmod 700 /usr/bin/
Example:
# chmod 700 byacc
# chmod 700 cc
# chmod 700 gcc
# chmod 700 gnatgcc
# chmod 700 perlcc
# chmod 700 yacc

4:29 PM | Tags: , |

This entry was posted on 4:29 PM and is filed under security , sysadmin . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

0 Comments:

Post a Comment

Subscribe to: Post Comments (Atom)