219 lines
3.9 KiB
HTML
219 lines
3.9 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Conceal binary RPM </TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
|
|
REL="HOME"
|
|
TITLE="Securing and Optimizing Linux"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="General System Security"
|
|
HREF="gen-syssecured.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Control mounting a file system"
|
|
HREF="chap5sec45.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Shell logging"
|
|
HREF="chap5sec47.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="chap5sec45.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 5. General System Security</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="chap5sec47.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="AEN3724"
|
|
>5.17. Conceal binary <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
></A
|
|
></H1
|
|
><P
|
|
> Once you have installed all the software that you need on yo42ur Linux server with the <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> command, it's a good idea for better security to move it to a safe
|
|
place like a floppy disk or other safe place of your choice. With this method if some one accesses your server and has the intention to install software like trojan horses, password
|
|
thieves etc. with <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> command, he shouldn't be able to do so. Of course, if in the future you want to install or upgrade new software via <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
>, all
|
|
you have to do is to replace the <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> binary to its original directory again. To move the <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> binary on the floppy disk, use the command:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="screen"
|
|
> [root@deep] /# <B
|
|
CLASS="command"
|
|
>mount</B
|
|
> /dev/fd0 /mnt/floppy/
|
|
[root@deep] /# <B
|
|
CLASS="command"
|
|
>mv</B
|
|
> /bin/rpm /mnt/floppy/
|
|
[root@deep] /# <B
|
|
CLASS="command"
|
|
>umount</B
|
|
> /mnt/floppy
|
|
</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
><P
|
|
> Never uninstall the <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> program completely from your system or you will be unable to reinstall it again later, since to install <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> or other software you need to have <SPAN
|
|
CLASS="acronym"
|
|
>RPM</SPAN
|
|
> commands available.
|
|
Another thing you can do is change the default permission of the rpm command from 755 to 700. With this modification, non-root users can't use the rpm program to query, install etc; in case
|
|
you forget to move it to a safe place after installation of new programs.
|
|
To change the default permission of <TT
|
|
CLASS="filename"
|
|
>/bin/rpm</TT
|
|
>, use the command:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="screen"
|
|
> [root@deep] /# <B
|
|
CLASS="command"
|
|
>chmod</B
|
|
> 700 /bin/rpm
|
|
</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="chap5sec45.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="chap5sec47.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Control mounting a file system</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="gen-syssecured.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Shell logging</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |