[lug] Interesting Crash Report
Brad Doctor
bdoctor at ps-ax.com
Wed Mar 21 13:35:46 MST 2001
inetd only controls what is in /etc/inetd.conf -- nothing else. If you have
been hacked, not sure why, not sure how the system works, save yourself the
headache, and potentially another re-install from an attack. :)
-brad
>
> UUGH... reboots, mentioned here ....uuugh... just restart inetd....
>
> > -----Original Message-----
> > From: Brad Doctor [mailto:bdoctor at ps-ax.com]
> > Sent: Wednesday, March 21, 2001 3:23 PM
> > To: lug at lug.boulder.co.us
> > Subject: Re: [lug] Interesting Crash Report
> >
> >
> > Two tools may be of interest to you:
> >
> > gnorpm -- Graphical RPM manager, can add, remove, query, etc.
> >
> > control-panel -- Graphical system config utility, including removing items
> > from startup. Runlevel 3 is what you are interested in if your system boots
> > to the command prompt (and you then login, and "startx"), runlevel 5 is what
> > you want if you boot directly to XDM / some other graphical X login screen.
> > I would do both if you are not sure.
> >
> > The easiest thing is to restart your machine after you have disabled your
> > services, just to be sure -- control-panel will only remove them.
> >
> > As an example, I only run the following on my workstation:
> >
> > S10network (init.d/network)
> > S12syslog (init.d/syslog)
> > S20random (init.d/random)
> > S35identd (init.d/identd)
> > S55sshd (init.d/sshd)
> > S90crond (init.d/crond)
> > S90xfs (init.d/xfs)
> > S99snmpd (init.d/snmpd)
> >
> > If you are brave, don't run anything you are not familiar with. Otherwise,
> > be absolutely certain you know what each service does, and what it requires
> > to be secure when running (patches, configs, etc.). As a general rule, don't
> > run anything you don't need. Less system overhead, lower chance of
> > compromise. A workstation needs very little to operate properly. In my
> > list, the only *required* elements are network, xfs. The rest are optional
> > in terms of system functionality. (yes, you can run without syslog)
> >
> > Also, the required elements are basic to my needs -- not the system, if you
> > don't need an interface and networking :)
> >
> > -brad
> >
> >
> > >
> > > First, thank you Scott and D. Stimits for confirming my fears and also
> > > for the advice. I failed all those tests, except lsof, which appears
> > > not to be on my machine; what/where is it? I have re-installed 6.2,
> > > changed my password, killed rpc.statd (how do I disable it, please),
> > > and renamed nfslock. I hope to be safe for another ten minutes or so.
> > >
> > > I have studiously avoided security issues until now because I have
> > > plenty of other things to do with my time and I know that a good
> > > number of hours will be consumed by it. I have trusted in a quick
> > > connect and disconnect policy for my security. This has worked quite
> > > well really: I was caught when I started surfing a little. However, I
> > > suppose the hour cometh, so I have more questions.
> > >
> > > What I should like to do is have a two or three machine local network
> > > in the house connected to the outside world via the television cable;
> > > the latter for speed and to avoid preventing use of the telephone.
> > > The local network must accommodate MS NT etc. as well as Linux. I
> > > assume that this is a very common setup. Is that true? Is it a
> > > sensible way to go? Is there something better, and why is it better?
> > > Do I tie myself to AT&T, or can I use my present ISP, etc?
> > >
> > > I should like to understand what I am doing, rather than simply follow
> > > a procedure. Although, in truth, that is only because I know that I
> > > shall have to fiddle with it later. So, a question is: where do I
> > > read about what to do? What is the best starting point; HOWTOs, buy a
> > > book (which one), BLUG archives, or what?
> > >
> > > I have read the term ipchains many times; are they part of a good
> > > technique? What about tummy's isinglass? I have heard that a router
> > > is a good security device; and I have heard that a router is a bad
> > > security device. How secure is RedHat 7.1?
> > >
> > > Yours in ignorance, but hopeful.
> > > dajo
> > > _______________________________________________
> > > Web Page: http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > >
> >
>
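
The runlevel cleanup described in the quoted message can be checked with a short script. This is an added example, not part of the original thread; it assumes the Red Hat layout /etc/rc.d/rcN.d, uses the workstation list from the message as its allowlist, and runs on a constructed directory tree (function names are hypothetical).

```shell
#!/bin/sh
# Added example: list SysV start links that are not on an allowlist.
# Assumption: Red Hat layout, /etc/rc.d/rcN.d/SNNname -> ../init.d/name.
ALLOWED="network syslog random identd sshd crond xfs snmpd"  # list from the post

# unexpected_services DIR: print each service started from DIR (S* entries,
# priority prefix stripped) that is not in $ALLOWED. K* (kill) links are ignored.
unexpected_services() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue  # glob matched nothing
        name=${link##*/}           # e.g. S55sshd
        name=${name#S[0-9][0-9]}   # e.g. sshd
        case " $ALLOWED " in
            *" $name "*) ;;                    # expected
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# audit_runlevels BASE: check runlevels 3 and 5 under BASE.
# Returns 1 if any unexpected service is enabled, 0 otherwise.
audit_runlevels() {
    rc=0
    for rl in 3 5; do
        for svc in $(unexpected_services "$1/rc$rl.d"); do
            printf 'runlevel %s: unexpected service %s\n' "$rl" "$svc"
            rc=1
        done
    done
    return "$rc"
}

# demo_tree: build a constructed rc tree in a temp dir and print its path.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/rc3.d" "$t/rc5.d"
    for s in S10network S12syslog S55sshd S14nfslock S60lpd K20nfs; do
        : > "$t/rc3.d/$s"
    done
    for s in S10network S90xfs S85httpd; do : > "$t/rc5.d/$s"; done
    printf '%s\n' "$t"
}

# Run against the constructed tree; pass /etc/rc.d to audit a real system.
tree=$(demo_tree)
audit_runlevels "$tree" || true
rm -rf "$tree"
```

Services started from inetd do not appear as rcN.d links; those are controlled by /etc/inetd.conf and need a separate review.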