Thursday, January 17, 2008

HowTo: Prevent Binary Execution From Mounted Device

One of the most likely reasons a compiled trojan is left behind after a system has been successfully exploited is that only a small percentage of administrators harden their systems so that users cannot compile program source, or run executable scripts and binary programs, from a particular device.

How do you mount a device so that scripts cannot be executed from it, and programs cannot be compiled and run from it?

Here's a quick tip on preventing any user from executing binaries and shell scripts from a particular mounted device, such as the /tmp or /dev/shm directory.

How do you mount a device with noexec to prevent program execution?

Simply remount the device as a non-suid, non-executable filesystem:

# mount -o remount,noexec,nosuid /tmp

Yes, the two options can also be applied in separate remounts:

# mount -o remount,noexec /tmp
# mount -o remount,nosuid /tmp

Now, to test it, copy an existing executable script into the /tmp folder like so:

# cp /root/scripts/test.pl /tmp
# cp /root/scripts/test.sh /tmp

and try to execute the copied scripts like so:
# cd /tmp
# ./test.pl
bash: ./test.pl: Permission denied
# ./test.sh
bash: ./test.sh: Permission denied

You can also copy a Linux binary into /tmp and try to execute it.

# cp /usr/bin/who /tmp
# /tmp/who
bash: /tmp/who: Permission denied

Program execution should fail, since the device is mounted with noexec and nosuid. Note, however, that some Linux distributions require the /tmp device to be listed in /etc/fstab with a valid filesystem type before it can be remounted with its original options.


To remount all your devices back to their boot-time defaults from /etc/fstab, simply run

# mount -a


To make the noexec and nosuid options permanent across reboots, add them to the mount flags of the existing /tmp entry in /etc/fstab, like so:


/dev/sda5 /tmp ext3 noexec,nosuid 0 0
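
As an added example that is not part of the original post, here is a small POSIX shell audit script that parses a mounts table in /proc/mounts format and reports whether /tmp and /dev/shm carry both the noexec and nosuid flags. The embedded sample table and the `--live` switch are my own constructions, not from the post.

```shell
#!/bin/sh
# Audit mount points for the noexec and nosuid flags described above.
# The table format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Constructed sample table (not a real system's /proc/mounts).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda5 /tmp ext3 rw,noexec,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nosuid 0 0'

# mount_opts TABLE MOUNTPOINT: print the option string for MOUNTPOINT,
# or nothing if it is not mounted.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_mount TABLE MOUNTPOINT: print "ok", "missing: <flags>" or
# "not mounted"; exit status 0 only when both flags are present.
check_mount() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "not mounted"
        return 2
    fi
    missing=""
    for flag in noexec nosuid; do
        has_opt "$opts" "$flag" || missing="$missing $flag"
    done
    if [ -z "$missing" ]; then
        echo "ok"
        return 0
    fi
    echo "missing:$missing"
    return 1
}

# audit_live: run the check against the running system's /proc/mounts.
audit_live() {
    table=$(cat /proc/mounts)
    for mp in /tmp /dev/shm; do
        printf '%s: %s\n' "$mp" "$(check_mount "$table" "$mp")"
    done
}

# Only touch the live system when explicitly asked (hypothetical switch).
[ "${1:-}" = "--live" ] && audit_live
```

Run it with `--live` after the remount to confirm the flags took, and again after `mount -a` to see that they were dropped if /etc/fstab was not updated.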


Be aware that remounting a device with the noexec and nosuid flags will not totally prevent someone from exploiting or abusing your system.

Enjoy.
