Mailinglist Archive: opensuse (4165 mails)
Re: [SLE] Help - Been Hacked!!
- From: "Matt Stamm" <suselist@xxxxxxxxx>
- Date: Thu, 24 Apr 2003 06:43:38 -0700
- Message-id: <200304240643.AA105119942@xxxxxxxxx>
Charles,
Thanks for all the suggestions.
Matt
---------- Original Message ----------------------------------
From: Charles Philip Chan <cpchan@xxxxxxxxxxxx>
Date: Wed, 23 Apr 2003 21:53:03 -0400
>On Wed, 23 Apr 103 07:53:36 PDT
>"Matt Stamm" <suselist@xxxxxxxxx> wrote:
>
>> Just a few minutes ago I posted the Yast
>> package-info. The stuff under "Technical Data". It
>> mentions Red Hat a lot.
>
>Now it is all clear and from what I gathered from the posts, the box was
>also wide open. Putting a box, especially with services running, without
>a firewall is definitely begging to be hacked. I suggest you:
>
>(1) Reinstall everything from scratch.
>
>(2) Optionally, but advisably, build a Tripwire
>(http://sourceforge.net/projects/tripwire/) db of the system. Make sure
>you store the db on removable media.
>
>(3) Turn off all services you don't need, especially telnetd.
>
>(4) Run Postfix in a chroot jail. This is an option in YaST2.
>
>(5) Any services starting from inetd or xinetd should go through
>tcp wrappers (ftp://ftp.porcupine.org/pub/security/index.html), if they
>are not linked against it.
>
>(6) Install a firewall such as SuSEFirewall2 and only expose services to
>the outside world if you intend them to be public, with the exception of
>sshd. Only expose sshd to the outside world if you intend to access this
>machine from the Internet.
>
>(7) Install and use chkrootkit (http://www.chkrootkit.org/).
>
>(8) Optionally, you might want to check out snort (http://www.snort.org).
>
>
>A good starting guide is the "Linux Administrator's Security Guide"
>(http://www.seifried.org/lasg/).
>
>All of the software that I have mentioned should be included in SuSE
>already.
>
>Charles
>
>PS: Please check your system date and time. It is set to Dec. 31, 1969.
>
>--
>There are no threads in a.b.p.erotica, so there's no gain in using a
>threaded news reader.
>(Unknown source)
>
>
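
Added example, not part of the original thread: a small shell audit for points (3) and (5) of the quoted advice, listing each enabled entry in a classic inetd.conf and whether it is started through tcpd. The function names and the sample file are constructed for illustration; xinetd's own configuration format and daemons linked directly against libwrap are not covered.

```shell
#!/bin/sh
# Added example: audit a classic inetd.conf for points (3) and (5).
# Fields: service socket proto wait user server [args...]

# audit_inetd FILE -> one "<service> <verdict>" line per enabled entry.
#   WRAPPED   server program is tcpd (TCP wrappers in front of the daemon)
#   UNWRAPPED daemon is started directly by inetd
#   INTERNAL  inetd built-in service, which tcpd cannot front
#   ,TELNET   suffix: telnet is enabled at all
audit_inetd() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }   # comments (disabled entries), blanks
        {
            n = split($6, parts, "/")   # basename of the server program
            if ($6 == "internal")        verdict = "INTERNAL"
            else if (parts[n] == "tcpd") verdict = "WRAPPED"
            else                         verdict = "UNWRAPPED"
            if ($1 == "telnet") verdict = verdict ",TELNET"
            print $1, verdict
        }' "$1"
}

# needs_attention FILE -> exit status 0 if any entry is unwrapped or telnet.
needs_attention() {
    audit_inetd "$1" | grep -Eq 'UNWRAPPED|TELNET'
}

# write_sample FILE -> constructed inetd.conf, not taken from the thread.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd        in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd        in.rshd
time    stream  tcp  nowait  root  internal
pop3    stream  tcp  nowait  root  /usr/sbin/popper      popper -s
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_inetd "$sample"
needs_attention "$sample" && echo "review the entries above"
rm -f "$sample"
```

A WRAPPED entry is only restricted once /etc/hosts.allow and /etc/hosts.deny actually limit who may connect.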