On 10/17/2018 11:13 AM, Tracy Reed wrote:
On Tue, Oct 16, 2018 at 02:15:39AM PDT, Sheogorath spake thusly:
> I wonder if there is a way to prevent a direct piping from curl to bash
> using SELinux.
No good way to prevent it. If they can install software they can do it.
Don't install curl. Monitor for process executions. I have auditd log
execs. Anytime someone runs curl or wget in our production environment
something's up.
chmod 700 $(which curl)
but a selinux policy preventing those exact pipe invocations would be
interesting