LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/solrhe/Securing-Optimizing-Linux-R.../chap5sec46.html

219 lines
3.9 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Conceal binary RPM </TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="General System Security"
HREF="gen-syssecured.html"><LINK
REL="PREVIOUS"
TITLE="Control mounting a file system"
HREF="chap5sec45.html"><LINK
REL="NEXT"
TITLE="Shell logging"
HREF="chap5sec47.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap5sec45.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. General System Security</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap5sec47.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN3724"
>5.17. Conceal binary <SPAN
CLASS="acronym"
>RPM</SPAN
></A
></H1
><P
>&#13; Once you have installed all the software that you need on yo42ur Linux server with the <SPAN
CLASS="acronym"
>RPM</SPAN
> command, it's a good idea for better security to move it to a safe
place like a floppy disk or other safe place of your choice. With this method if some one accesses your server and has the intention to install software like trojan horses, password
thieves etc. with <SPAN
CLASS="acronym"
>RPM</SPAN
> command, he shouldn't be able to do so. Of course, if in the future you want to install or upgrade new software via <SPAN
CLASS="acronym"
>RPM</SPAN
>, all
you have to do is to replace the <SPAN
CLASS="acronym"
>RPM</SPAN
> binary to its original directory again. To move the <SPAN
CLASS="acronym"
>RPM</SPAN
> binary on the floppy disk, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>&#13; [root@deep] /# <B
CLASS="command"
>mount</B
> /dev/fd0 /mnt/floppy/
[root@deep] /# <B
CLASS="command"
>mv</B
> /bin/rpm /mnt/floppy/
[root@deep] /# <B
CLASS="command"
>umount</B
> /mnt/floppy
</PRE
></TD
></TR
></TABLE
>
</P
><P
>&#13; Never uninstall the <SPAN
CLASS="acronym"
>RPM</SPAN
> program completely from your system or you will be unable to reinstall it again later, since to install <SPAN
CLASS="acronym"
>RPM</SPAN
> or other software you need to have <SPAN
CLASS="acronym"
>RPM</SPAN
> commands available.
Another thing you can do is change the default permission of the rpm command from 755 to 700. With this modification, non-root users can't use the rpm program to query, install etc; in case
you forget to move it to a safe place after installation of new programs.
To change the default permission of <TT
CLASS="filename"
>/bin/rpm</TT
>, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>&#13; [root@deep] /# <B
CLASS="command"
>chmod</B
> 700 /bin/rpm
</PRE
></TD
></TR
></TABLE
>
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="chap5sec45.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="chap5sec47.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Control mounting a file system</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="gen-syssecured.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Shell logging</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink