Charles,
Thanks for all the suggestions.
Matt
---------- Original Message ----------------------------------
From: Charles Philip Chan
On Wed, 23 Apr 103 07:53:36 PDT "Matt Stamm"
wrote: Just a few minutes ago I posted the YaST package-info. The stuff under "Technical Data". It mentions Red Hat a lot.
Now it is all clear and from what I gathered from the posts, the box was also wide open. Putting a box, especially with services running, without a firewall is definitely begging to be hacked. I suggest you:
(1) Reinstall everything from scratch.
(2) Optional, but advisable: build a Tripwire (http://sourceforge.net/projects/tripwire/) db of the system. Make sure you store the db on removable media.
(3) Turn off all services you don't need, especially telnetd.
(4) Run Postfix in a chroot jail. This is an option in YaST2.
(5) Any services starting from inetd or xinetd should go through tcp wrappers (ftp://ftp.porcupine.org/pub/security/index.html), if they are not linked against it.
(6) Install a firewall such as SuSEFirewall2 and only expose services to the outside world if you intend them to be public, with the exception of sshd. Only expose sshd to the outside world if you intend to access this machine from the Internet.
(7) Install and use chkrootkit (http://www.chkrootkit.org/).
(8) Optionally, you might want to check out snort (http://www.snort.org).
A good starting guide is the "Linux Administrator's Security Guide" (http://www.seifried.org/lasg/).
All of the software that I have mentioned should be included in SuSE already.
Charles
PS: Please check your system date and time. It is set to Dec. 31, 1969.
-- There are no threads in a.b.p.erotica, so there's no gain in using a threaded news reader. (Unknown source)
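An added example, not part of the original e-mails: a small Python audit for steps (3) and (5) of the list above, flagging enabled inetd.conf entries that are not started through tcpd and services that should be switched off. The sample file is constructed, and the function name and the service names in RISKY other than telnet are assumptions.

```python
# Added example: audit an inetd.conf for steps (3) and (5) of the checklist.
# Classic inetd.conf fields:
#   service  socket_type  protocol  wait|nowait  user  server_program  [args...]

# Assumption: telnet comes from the checklist; the r-services are added here.
RISKY = {"telnet", "shell", "login", "exec"}

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# constructed inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
pop3    stream  tcp  nowait  root  /usr/sbin/ipop3d  ipop3d
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    stream  tcp  nowait  root  internal
"""

def audit_inetd(text):
    """Return (service, finding) pairs for enabled entries that need attention."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: the service is disabled
        fields = line.split()
        if len(fields) < 6:
            findings.append((fields[0], "malformed entry"))
            continue
        service, program = fields[0], fields[5]
        if service in RISKY:
            findings.append((service, "disable: cleartext remote access"))
        if program == "internal":
            continue  # served by inetd itself; there is no program for tcpd to wrap
        if not program.endswith("/tcpd"):
            findings.append((service, "not started through tcpd"))
    return findings

if __name__ == "__main__":
    for service, finding in audit_inetd(SAMPLE):
        print(f"{service}: {finding}")
```

An entry reported as "not started through tcpd" may still be covered if the daemon itself is linked against the wrapper library, which is the exception step (5) mentions, so check that before changing the entry.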