Some extensive system health monitoring
Taco Witte
taco.witte at gmail.com
Wed Mar 9 12:59:11 CST 2005
On Tue, 08 Mar 2005 13:05:24 -0500, John Richard Moser
<nigelenki at comcast.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thibaut Varene wrote:
> > On Mon, 07 Mar 2005 23:10:53 -0500, John Richard Moser
> > <nigelenki at comcast.net> wrote:
[snip]
> >> - Firewall
> >> - Allow remote firewall rule "modules" to be fetched to construct a
> >> firewall of stock options (REQUIRE SIGNATURE)
> >> - Allow on-site configuration of IP masquerading, routing, port
> >> forwarding, and IP connection tracking
> >> - Notify when firewall rule modules are updated and ask the user if
> >> he wishes to update the firewall
> >
> >
> > Not needed. No open port by default. The user starting to install
> > server daemons and opening ports should know what he's doing. At most,
> > I can imagine he'd be prompted for the security implications of his
> > doing (as Mandrake does when you ask for installing Apache and the
> > like)...
>
> Malware could open ports by itself. Do I need to write some and sneak
> it on your computer one day, then sniff out your root password by
> advanced social engineering?
There's a feature in (I believe) grsecurity that disallows users from
executing programs in insecure directories or with insecure permissions
("not installed by the administrator"). I think it would be very good
at some stage to adopt this feature because it can prevent a lot of
worms and malware from having any effect.

In general I agree that more such information for users would be a
good thing. Maybe a DBUS protocol can be made for such messages
(allowing those messages to offer the user to do some action or open a
website). Using DBUS, this idea can be implemented in a distributed
manner.

Kind regards,
Taco
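
The execution restriction mentioned in the message above, sketched as a userspace audit. This is an added example, not part of the original post and not grsecurity's code. The policy it encodes (a file counts as "installed by the administrator" when it and its immediate parent directory are owned by a trusted uid and are not writable by group or others) is an assumption, as are all function names.

```python
import os
import stat

LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or others


def dir_is_trusted(st, trusted_uid=0):
    """Directory owned by trusted_uid and writable by nobody else."""
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == trusted_uid
            and not st.st_mode & LOOSE_WRITE)


def file_is_trusted(st, trusted_uid=0):
    """Regular file owned by trusted_uid and writable by nobody else."""
    return (stat.S_ISREG(st.st_mode) and st.st_uid == trusted_uid
            and not st.st_mode & LOOSE_WRITE)


def exec_decision(path, trusted_uid=0):
    """Return (allowed, reason) for running `path` under the assumed policy."""
    real = os.path.realpath(path)  # judge the symlink target, not the link
    try:
        fst = os.stat(real)
        dst = os.stat(os.path.dirname(real))
    except OSError as exc:
        return False, "cannot stat: %s" % exc.strerror
    if not dir_is_trusted(dst, trusted_uid):
        return False, "parent directory is not administrator-controlled"
    if not file_is_trusted(fst, trusted_uid):
        return False, "file is not administrator-controlled"
    return True, "trusted path"


def audit_search_path(path_env, trusted_uid=0):
    """Return the PATH entries from which the policy would refuse execution."""
    rejected = []
    for entry in path_env.split(os.pathsep):
        directory = entry or "."  # an empty PATH entry means the current directory
        try:
            ok = dir_is_trusted(os.stat(directory), trusted_uid)
        except OSError:
            ok = False  # missing or unreadable entries are reported as well
        if not ok:
            rejected.append(directory)
    return rejected


if __name__ == "__main__":
    for d in audit_search_path(os.environ.get("PATH", "")):
        print("untrusted PATH entry:", d)
```

Only the immediate parent directory is checked here; a writable ancestor further up the tree is outside what this sketch detects.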