[Discuss] automatic daemon restarts
Edward Ned Harvey (blu)
blu at nedharvey.com
Tue Sep 16 19:00:54 EDT 2014
> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Derek Martin
>
> 1. An attacker of your site is able to exploit a vulnerability to
> upload a custom malicous loadable module for your managed service,
> but can not otherwise gain access to a shell or the filesystem.
>
> 2. The same attacker is also able to exploit a separate bug to cause
> the server to crash.
You receive notification that your production server is down, and your customers are being unserved and your business is losing $10k per minute.
Are you going to checksum all of your system binaries before starting the service manually?
Of course nothing is foolproof, but the above scenario is what selinux & apparmor & ilk are designed for. Identify and prevent processes that behave inconsistently with their normal programming.
More information about the Discuss
mailing list