Secure BSD

From base48
Revision as of 18:52, 12 February 2013 by B42 (talk | contribs) (project template image format update)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


OpenBSD secure paper/script
Base-small.png
Founder:
TODO
Coops:
TODO
Latest Version:
TODO
Architecture(s):
TODO
Programming
Language(s):
TODO
SW License:
TODO
Status:
active
Created:
Error: Invalid time.
Last Modified:
2013-02-12
The date "TODO" was not understood.

OpenBSD secure paper/script

OpenBSD je jeden z nejbezpecnejsich operacnich systemu v defaultni instalaci. Nicmene k dokonalosti neco chybi.

Sifrovani hard disku

vnconfig - vytvareni sifrovanych kontejneru v souborech softraid - sifrovani disku chflags

Flagy file systemu. arch set the archived flag (superuser only) nodump set the nodump flag (owner or superuser only) sappnd set the system append-only flag (superuser only) schg set the system immutable flag (superuser only) uappnd set the user append-only flag (owner or superuser only) uchg set the user immutable flag (owner or superuser only) pf firewall

Firewall pro filtrovani sitoveho provozu.

rm -P

Parametr P programu rm zpusobi, ze soubory (nikoliv adresare, a tedy jejich jmena) jsou nejprve trikrat prepsany nez jsou smazany. Nejprve vzorem 0xff, pak 0x00, pak znovu 0xff a nakonec jsou standardne “smazany” zavolanim unlink().

ifconfig lladdr random

Program ifconfig umoznuje zmenu MAC adresy sitoveho zarizeni bud na prednastavenou, nebo na nahodnou.

/tmp v RAM

Citliva data v /tmp je lepsi ukladat do RAM, ze ktere po par minuchat po vypnuti systemu zmizi.



Cilem projektu je popsat moznosti k dalsimu zabezpeceni, a napsat jednoduchy skript, ktery overi nastaveni

active, sw

Retrieved from "index.php?title=Secure_BSD&oldid=2245"