Results 1 to 4 of 4
This is an idea i had, thinking in servers security. Please read it all. The base idea is, even if someone gain acess to a root shell (ssh or not), ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 09-27-2005 #1
- Join Date
- Sep 2005
An idea to improve security, for hacked PC's
This is an idea i had, thinking in servers security.
Please read it all.
The base idea is, even if someone gain acess to a root shell (ssh or not), he can't do nothing if he doesn't have access to the commands.
Then it will exist a program/script that will convert our programs in names, with many, and aleatory, characters.
our /bin/ls will be now /bin/a2bs3mc02c0b
All binaries will stay with names like that. Then the program will register the names and, automatically, create a script, per example:
#!/bin/1bv3c3g4bb (that were, before, the "bash" command, that the program had register before)
lg9sf7g77 (formerly "alias") /bin/bash=/bin/1bv3c3g4bb
lg9sf7g77 (formerly "alias") bash=1bv3c3g4bb
This for all commands.
The script will keep saved, and after we start a session, we will have to execute the script, that will have the name that we choose for it.
In this way, whos get a shell in our computer, will not have access to it, if he doesn't know the script name.
- 09-27-2005 #2
This is "security by obscurity". Seems like it would make things difficult on admins without a lot in the way of payoff.
- 09-27-2005 #3
- Join Date
- Nov 2004
Well, although the best defense is a tight perimeter (firewall, strong passwords etc) I guess if this needs to be a really secure server then it may be helpful. Just remember that your history of commands will be in .bash_history. Though I think that will show the aliases, and probably wouldn't be much use without the cat command
- 09-27-2005 #4