[lug] security

Dale Harris rodmur at maybe.org
Sat Nov 27 13:55:35 MST 1999


On Sat, Nov 27, 1999 at 01:24:40PM -0700, Sevinsky Joel elucidated:
> The only accounts I have set up on this machine are sevinsky(me) and
> amy(my wife). I am assuming that the first break was from 
> 1Cust68.tnt14.denver.co.da.uu.net and somehow knew my login and password
> and set up the snow1 account.  Then they later came back as snow1 from
> concentric.net and compiled and installed bj.c.  I am guessing that after
> I rebooted my machine and got a different IP address they were not able to
> find my system again.  Well that being said, what should be done from
> here?  Should I just reinstall everything?  That would not be difficult at
> all.  Any suggestions on some good reading to learn about security?  I
> have the Running Linux book and I am about 200 pages into it but if I want
> to keep my system running I better do some quick reading on security.
> Thanks for your help.
> 
> Joel Sevinsky


Basically shut down everything you don't need.  Comment out everything 
in your /etc/inetd.conf, killall -HUP inetd (or restart it).  If you don't
need remote access to your machine, then don't worry about most of that
stuff, or learn to use ssh (or similar utilities).  Of course, delete snow1 
out of your passwd and shadow files. Make sure nothing has an empty 
passwd in /etc/shadow (foo::10809:9:99999:7::: has an empty passwd); put a
* in the second field.  Turn off your web server, turn off sendmail or
whatever mail daemons that might be running.  Do a ps -ef (or ps aux) and look for 
non-essential daemons.  You might even check out tools similar to SAINT
(http://www.wwdsi.com/saint/) to evaluate your system's security.  But 
basically if you turn everything off, then the only way into your machine
would be via the console, and then you can hit the person over the head with
a bat, if that happens. ;-)

Most likely they just found an easy way in (script kiddies), or they were 
able to sniff your passwd. 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dale Harris  <rodmur at maybe.org>   GPG key: 372FBD57    http://www.maybe.org/
                  Maybe is an Ambivalent Yet Beguiling Enigma
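The checks Dale describes (no enabled inetd services, no empty password fields in /etc/shadow, a `*` in the second field where one is found) as an added POSIX sh example; this is not code from the original post or from either poster. The function names and the sample shadow and inetd.conf fragments are constructed for illustration, so the script runs offline against temp files rather than the live system.

```shell
#!/bin/sh
# Added example, not from the original thread: audit a shadow-format file for
# empty password fields and an inetd.conf for services still enabled, and
# produce the hardened versions Dale's reply asks for.

# Print usernames whose password field (2nd colon-separated field) is empty.
# $1: path to a shadow-format file
empty_passwd_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print the shadow file with every empty password field replaced by "*",
# which locks the account without deleting it.
# $1: path to a shadow-format file (output goes to stdout; review, then install)
lock_empty_passwd() {
    awk -F: 'BEGIN { OFS = ":" } $2 == "" { $2 = "*" } { print }' "$1"
}

# Print the service name of each inetd.conf line that is neither blank nor
# commented out, i.e. each service inetd would still start.
# $1: path to an inetd.conf-format file
enabled_inetd_services() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1"
}

# Print inetd.conf with every enabled line commented out (the "comment out
# everything" step); follow it with "killall -HUP inetd" on a real system.
# $1: path to an inetd.conf-format file (output goes to stdout)
comment_out_inetd() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print "#" $0; next } { print }' "$1"
}

# --- constructed sample input (hashes are placeholders, not real) -----------
SAMPLE_SHADOW=$(mktemp)
SAMPLE_INETD=$(mktemp)
trap 'rm -f "$SAMPLE_SHADOW" "$SAMPLE_INETD"' EXIT

cat > "$SAMPLE_SHADOW" <<'EOF'
root:$1$CONSTRUCTEDHASH0:10809:0:99999:7:::
sevinsky:$1$CONSTRUCTEDHASH1:10809:0:99999:7:::
foo::10809:9:99999:7:::
snow1:$1$CONSTRUCTEDHASH2:10900:0:99999:7:::
EOF

cat > "$SAMPLE_INETD" <<'EOF'
# constructed inetd.conf fragment
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd

#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF

# --- run the audit on the samples -------------------------------------------
echo "accounts with an empty password field:"
empty_passwd_accounts "$SAMPLE_SHADOW"        # prints: foo

echo "shadow line after locking:"
lock_empty_passwd "$SAMPLE_SHADOW" | grep '^foo:'   # foo:*:10809:9:99999:7:::

echo "inetd services still enabled:"
enabled_inetd_services "$SAMPLE_INETD"        # prints: ftp, telnet

echo "inetd.conf after commenting everything out:"
comment_out_inetd "$SAMPLE_INETD"
```

On a real machine the same functions are pointed at /etc/shadow and /etc/inetd.conf, the output of `lock_empty_passwd` and `comment_out_inetd` is written to a temporary file and inspected before it replaces the original, and inetd is then sent SIGHUP as the reply says. The account removal for snow1 is left to `userdel` (or editing passwd and shadow by hand, as Dale suggests) rather than done here.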