On Mon, Apr 08, 2002 at 09:31:36AM -0400, mikejr@emergyscorp.com wrote:
> I got this in my email today... was I hacked?
I'm not a security expert, but... At first glance, nothing looks particularly bad. Looking at the gmike2 and mailadmn users might be worthwhile - why are they there?
> Now last week I did do the undo suse harden script and removed a lot of the options, because using the script with yes to all the answers made the machine not want to run qmail. Don't know why, I am still looking at it. But would undoing it cause this message to appear, and is there anything I can do to make this box more secure with this list? I am not asking for handholding, just a hint where I should start.
Run harden_suse. Install and configure SuSEfirewall2 or SuSE Personal Firewall. Close off any unused ports (should be done by harden_suse). Disable any unused services, particularly telnet, ftp, etc. I suspect that the qmail problems are likely to be due to either disabling services in /etc/services or /etc/inetd.conf.
> Michael Garabedian
> Consultant
[snip 7 lines]
> WE DENY THE EARTH PRINCIPLE OF THE THIRD EXCLUDED TERM (THE EXCLUDED
[snip another 6 lines]
Was that really necessary?

--
David Smith          Work Email: Dave.Smith@st.com
STMicroelectronics   Home Email: David.Smith@ds-electronics.co.uk
Bristol, England
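
Added example, not part of the original thread: a small audit of an inetd.conf that reports which services are still enabled, flags the cleartext ones the reply names, and shows when a service the box still needs has been commented out. The function name `audit_inetd`, the sample file and the assumption that qmail-smtpd is started from inetd on this machine are all illustrative.

```shell
#!/bin/sh
# Added example: audit an inetd.conf after hardening changes.
# usage: audit_inetd FILE [SERVICE_THE_BOX_STILL_NEEDS ...]
audit_inetd() {
    conf=$1; shift
    awk -v needed="$*" '
    BEGIN {
        # telnet and ftp are named in the reply; shell/login/exec (the
        # r-services) are an added assumption about what else is unwanted.
        n = split("telnet ftp shell login exec", r, " ")
        for (i = 1; i <= n; i++) risky[r[i]] = 1
        n = split(needed, w, " ")
        for (i = 1; i <= n; i++) want[w[i]] = 1
    }
    {
        line = $0
        off = (line ~ /^[ \t]*#/)              # commented out = disabled
        sub(/^[ \t]*#*[ \t]*/, "", line)
        nf = split(line, f, " ")
        # service socket-type protocol wait user server [args]
        if (nf < 6 || f[2] !~ /^(stream|dgram)$/) next
        if (off) { if (f[1] in want) disabled[f[1]] = 1; next }
        seen[f[1]] = 1
        tag = (f[1] in risky) ? "RISKY" : "ENABLED"
        print tag, f[1]
    }
    END {
        for (s in want)
            if (!(s in seen)) {
                tag = (s in disabled) ? "DISABLED-BUT-NEEDED" : "MISSING"
                print tag, s
            }
    }' "$conf"
}

# Constructed sample file, not taken from the machine in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
# smtp  stream  tcp  nowait  qmaild  /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
#time   dgram   udp  wait    root    internal
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/popper -s
EOF
audit_inetd "$sample" smtp
```

On a real system, pass /etc/inetd.conf as the first argument, followed by the services the machine is supposed to offer.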