03-11-2012
Hi there!! Interesting work!!
A simple thing would be to lock the root account by deleting the password entry in /etc/shadow and not allowing the user to use sudo. Maybe you can work on SELinux to implement something like RBAC which is more secure. Also, you gotta change the run levels so that the user cannot get into single user mode from the GRUB menu.
But have you given a thought about these?
1. Will a user be intended to reboot the system to boot into the Live media, just for browsing on the Internet securely?
2. The description on the site says the distro is secure because it's based on a read-only DVD. But this is not the fact. During the boot, the initramfs is loaded into the RAM and it acts as if it's booted off a hard disk. You can still read/write once you boot into the OS (otherwise it would never work).
Anyways, it's a good effort in a direction people might not have thought of yet. So best of luck!
LEARN ABOUT CENTOS
secure_getenv
GETENV(3) Linux Programmer's Manual GETENV(3)
NAME
getenv, secure_getenv - get an environment variable
SYNOPSIS
#include <stdlib.h>
char *getenv(const char *name);
char *secure_getenv(const char *name);
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
secure_getenv(): _GNU_SOURCE
DESCRIPTION
The getenv() function searches the environment list to find the environment variable name, and returns a pointer to the corresponding value
string.
The GNU-specific secure_getenv() function is just like getenv() except that it returns NULL in cases where "secure execution" is required.
Secure execution is required if one of the following conditions was true when the program run by the calling process was loaded:
* the process's effective user ID did not match its real user ID or the process's effective group ID did not match its real group ID
(typically this is the result of executing a set-user-ID or set-group-ID program);
* the effective capability bit was set on the executable file; or
* the process has a nonempty permitted capability set.
Secure execution may also be required if triggered by some Linux security modules.
The secure_getenv() function is intended for use in general-purpose libraries to avoid vulnerabilities that could occur if set-user-ID or
set-group-ID programs accidentally trusted the environment.
RETURN VALUE
The getenv() function returns a pointer to the value in the environment, or NULL if there is no match.
VERSIONS
secure_getenv() first appeared in glibc 2.17.
CONFORMING TO
getenv(): SVr4, POSIX.1-2001, 4.3BSD, C89, C99.
secure_getenv() is a GNU extension.
NOTES
The strings in the environment list are of the form name=value.
As typically implemented, getenv() returns a pointer to a string within the environment list. The caller must take care not to modify this
string, since that would change the environment of the process.
The implementation of getenv() is not required to be reentrant. The string pointed to by the return value of getenv() may be statically
allocated, and can be modified by a subsequent call to getenv(), putenv(3), setenv(3), or unsetenv(3).
The "secure execution" mode of secure_getenv() is controlled by the AT_SECURE flag contained in the auxiliary vector passed from the kernel
to user space.
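The following is an added example, not part of the manual page: a library-side lookup that takes a directory override from the environment through secure_getenv(), so the override is ignored under secure execution, and copies the value out at once because the returned string may later change. The variable name DEMO_PLUGIN_DIR, the default path and both function names are hypothetical.

```c
#define _GNU_SOURCE             /* feature test macro required by the SYNOPSIS */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Same prototype as in the SYNOPSIS; harmless if <stdlib.h> already declared it. */
char *secure_getenv(const char *name);

#define DEMO_ENV_NAME    "DEMO_PLUGIN_DIR"        /* hypothetical variable */
#define DEMO_DEFAULT_DIR "/usr/lib/demo/plugins"  /* hypothetical default  */

/* Nonzero when the kernel set AT_SECURE in the auxiliary vector. */
int in_secure_execution(void)
{
    return getauxval(AT_SECURE) != 0;
}

/*
 * Copy the directory to use into out.
 * Returns 1 if the environment override was accepted, 0 if the built-in
 * default was used, -1 if out cannot hold even the default.
 */
int resolve_plugin_dir(char *out, size_t outlen)
{
    /* NULL when the variable is unset or secure execution is required. */
    const char *v = secure_getenv(DEMO_ENV_NAME);

    /* Accept only absolute paths that fit, and copy immediately: the
     * string lives in the environment and later setenv()/putenv()
     * calls may change it. */
    if (v != NULL && v[0] == '/' && strlen(v) < outlen) {
        memcpy(out, v, strlen(v) + 1);
        return 1;
    }
    if (strlen(DEMO_DEFAULT_DIR) >= outlen)
        return -1;
    memcpy(out, DEMO_DEFAULT_DIR, sizeof DEMO_DEFAULT_DIR);
    return 0;
}

int main(void)
{
    char dir[256];
    int used = resolve_plugin_dir(dir, sizeof dir);
    printf("AT_SECURE=%d override_used=%d dir=%s\n",
           in_secure_execution(), used, dir);
    return 0;
}
```

Run as an ordinary program, the override is honoured; installed set-user-ID, the same binary reports AT_SECURE=1 and falls back to the default even when DEMO_PLUGIN_DIR is set.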
SEE ALSO
clearenv(3), getauxval(3), putenv(3), setenv(3), unsetenv(3), capabilities(7), environ(7)
COLOPHON
This page is part of release 3.53 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
GNU
2012-08-14 GETENV(3)