anyone use Ninja on Ubuntu

http://blog.bodhizazen.net/linux/how-to-ninja-ubuntu-10-04/

 

How is this useful, exactly? If Ninja runs as the normal root user, anyone who can elevate to root can kill it.

 

I want to use ninja, but I can't see it or find it, sneaky little thing.
Mrk

 

Yeah. If an attacker has a code-path to a root owned process and can exploit that process, ninja won't be able to stop it. What it can help with, though, is stopping someone who only has user access on your box from escalating to root (i.e. by stopping them from starting a suid process and then exploiting it). Of course, this will do no good if they are running under your user ID in the first place (since you will have whitelisted all the suids for yourself).

So, basically all this tool is good for is stopping a blacklisted user (who is not your user) from running SUID binaries. Not very helpful, imo.

 

I am having a hard time understanding the usefulness of this Ninja. Is this an Ubuntu thing?

 

I had never heard of it before today either and I consider myself quite Linux security savvy. And, no, it will run on any Linux box, regardless of distro. But as I pointed out above, I think it is rather useless.

 

i also agree if he had a root access he can do anything same with if your system no-encrypted the he dont need even that all require is a live bootable cd of linux

but question how he had root access at 1st place specially from remote side.

 

You missed my ninja reference ...
Mrk